6172174f600de0a5ba06364ca407de16fbd7887850eada3da87f3f5d2816a38d

Analysis

max time kernel
147s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8acb84230ecd6a997facfab0156dd380_JaffaCakes118.html
Size

197KB
MD5

8acb84230ecd6a997facfab0156dd380
SHA1

4aa2f4baec912590adaa5a6e7fda19e6236e6bf6
SHA256

6172174f600de0a5ba06364ca407de16fbd7887850eada3da87f3f5d2816a38d
SHA512

8501a3c9017de3a37900e59f0c9c9c7c6b00f2953229a005121c11fdd12c528774f5ee478f8aea313a947b36a9dea7252ba4652fd5d4364fcd13643ce17048fa
SSDEEP

3072:1NBWDF0xbhhgKqAC+Zc98Wgg4lpKmK4xmvyjKWST9TBXV2KIHRMr:1NBWDF0xbhhgKqAC+ZXlpK54xnjvSaur

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
2376	msedge.exe
2376	msedge.exe
2192	identity_helper.exe
2192	identity_helper.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 624	2376	msedge.exe	84
PID 2376 wrote to memory of 624	2376	msedge.exe	84
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 908	2376	msedge.exe	85
PID 2376 wrote to memory of 3364	2376	msedge.exe	86
PID 2376 wrote to memory of 3364	2376	msedge.exe	86
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87
PID 2376 wrote to memory of 3616	2376	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8acb84230ecd6a997facfab0156dd380_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80f946f8,0x7ffe80f94708,0x7ffe80f94718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3213128955640126625,16930638102295482048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1dcf35a6f1c4d78400557db442951bd0

SHA1
9a9d1e4c81126a060258fd6686235b924939fdd9

SHA256
2daf3f89e398ba34e86865a2ca5e754dd69b93fb1d83a4044a4922eca0b82d75

SHA512
eb545115c92499c6c31860436808daa289c6e15641f97cc3e5b50fedbfb8e61028758ddb219077229791df12fe0fa16cfe124b12dc1bf02f7cea1b527787d561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0ed72fccca0f6022b03a3686a902cd6a

SHA1
5f815f9e675379b87e9645726f88454616ce9550

SHA256
dd355d53813ca04c51d525593947a5a3ed02892be0da9c06e80cfd966679fdd4

SHA512
08c67418eb3ae760bb3381c28470adf560c11335f9d076aa1df2bbde61c2ebf0f9fb97da610bdf021960cd0e6fc4d55f2dd7d2656ea67d37b0d15304e9e0c604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
035825097ccc4fd085037bf8d61c50fa

SHA1
f9e903f129556e34508859db71ff0c5e49b0b022

SHA256
70d0cd860fc1d0c9ab37bd0308f3a5eb92502978ff5983dcfe216a1e55e1b622

SHA512
7c3f6274333c01d5f041f6b01e4b6b0609bd93d9a019048d34455d6747700770ae49086fd8c0a361be82261c411cee3c934af24951edc2fb9b7e858286a8e048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93a18d1af5ed0947561da4e8640a762c

SHA1
bbf9102dbb664bb506e69231517de8169efa8568

SHA256
e2491d2c426a187131a9d711014340e935ad8426e0aa23dabd3b35266cd7a456

SHA512
d8fbb8681bcdecc256e84f6b242e1907a0423cd4e14382441676f88f2ca9e5304a5d94c97aca4d182c1f3f103d70ec204e7d69df48b1f1f5f50b58e938172051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
833cc88ec7595445c1c6343f77e91063

SHA1
d9fbe854055f0f38eabf400adb2720de8f9d3246

SHA256
48ccc9587a5e81bbceb23f22710912906a2a1f1504f4d6979da9afa3cced66b1

SHA512
1a0d3e5fe6b1310fe940ec6156d8d3b0326f5d6b6fb6efb7067ad11c859a1297603332323dc5e9d51076b1cc88e6edfee5ed99ae5345e10f8c323a0768d1be3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f9bd91542a7e7448da393b2a8b6f6c15

SHA1
4a29868ee13cce30ac16c487da5d0bc8df70a5b6

SHA256
9f4007bad8434bcbc9b9090def5e272ecaeddb6419eb775b632339c3c5ae7fce

SHA512
dd3725679095ac563f9d1b2baeccc2f9383d18434368def7e00e9a0f380b1ef7905c1f89d6843a71d560365354d6dfd31a1c0249b0cde3e1a38e549ba417552f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588c3d.TMP

Filesize
371B

MD5
4ff4c1cf0d915854fa94cf7df9e7b707

SHA1
6019a7cc485a24d3abc4b985bcd7a421601fe5a3

SHA256
4871990288972548877fc2620b0c5e2f9c2c2ea6784d5573622ad41d3d60ca0b

SHA512
e322683004426931ca65bbbcaa32b70bf9b5878b5e975e0f760bebc144ea4af1299b347445183bcdc792fa67b3cf0d5b2fa9dad268f391800596bfa81ffb6dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4b52eb639768587613392ffc65e50c3

SHA1
213830b953c07e7783dba25b78eede955d90eb67

SHA256
7392e9d5f438ae9de7ddd12d7ccaa83c84f5e13afb30844b244587738688f8f2

SHA512
4aedcee16ecd4cdbfd7247c8c0bea39f448b03d3a55e7e1fd60f23081d3124881500b419fe709ef8e0d17182387254b11b5f13924982c80010edf306f0843a2d

Download Submit