6a116061f2452d78db9327489dbac9953c2394505abab1fd16f96e74bb1375ca

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdbd9757cf303db124d807c730a7f60a_JaffaCakes118.html
Size

504KB
MD5

bdbd9757cf303db124d807c730a7f60a
SHA1

46b1d3c3d533f87f7f0587964cb4e51d7de08ab0
SHA256

6a116061f2452d78db9327489dbac9953c2394505abab1fd16f96e74bb1375ca
SHA512

be91c03825df1d3b8e02d7ebe41b0118f2f09aebbd7b8cd16e6bb14295fdd574d1944381f9c126aeafa55660d47d71eacfe845c22a3d8bf0d4193f067a6a36fc
SSDEEP

3072:wP+IpBxYUV39zfs49PwVeL5PmPTmBcM2mq81k:wP+IpBxo4tLch

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4736	msedge.exe
4736	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 596	4736	msedge.exe	84
PID 4736 wrote to memory of 596	4736	msedge.exe	84
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4956	4736	msedge.exe	85
PID 4736 wrote to memory of 4968	4736	msedge.exe	86
PID 4736 wrote to memory of 4968	4736	msedge.exe	86
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87
PID 4736 wrote to memory of 4924	4736	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bdbd9757cf303db124d807c730a7f60a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa08db46f8,0x7ffa08db4708,0x7ffa08db4718
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13496358416038361285,6276550054674825843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\14b7b8b8-63d5-45c0-ae39-0cce8416e11a.tmp

Filesize
5KB

MD5
fa80bcb8b20465d830bbf18c125071ed

SHA1
a24806914b9615628c714a30e087be149222b91c

SHA256
6ba1f2be1ef50fce766a6e483c60a573e0c1ee60a914e13dfc1be3d51114cef3

SHA512
ba22053e3650d2579796e7352f573d84cea1dd251dcb664055650c0a621b1bb0dabef877845e6f70aa65a3c94683bdcfecda3ff0836afac9a8937bbe4b4becff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1801369a1024270830c2a3b68778448e

SHA1
c5a31e71b13e1214377f85da76b90de67b718c9c

SHA256
5fb6c25fa03173e398fe2ced277ecbf47f412f55290badaeb9af8f91c74e0e4c

SHA512
1cbd08e752cdc496317d971f87656fa31fc830f28778fc59f472ba516f7566a7c76d1612c43729aef7b2d863a4fa369bf2f925d5f7611eac5ee8a6ee8334379a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7716868ca3939c8dbbc37f7ce0cae31

SHA1
130b72db0001ca1b0c84bb172e9b7f69aaec4d9a

SHA256
118b9c177af678843de2fa42397b53ededbeb6c1fa839ac8037bc79c8ec0c0d3

SHA512
c0c99eef088d7fdf057816e638412715a836d49c751fda77369d460125d0cff0fb0a085d9132330e68e53fe02c94b01553501aef4f66902ebab45735692ad8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e74a1c3e1f1e8cfabe95a45b79efc82b

SHA1
f31ac86ee022f42a7cac469418216de2a8e8224f

SHA256
af1bcfe2cc422bf35358cbe27a2bc7358ef85c5f208ab6240e159194d7b4b699

SHA512
81e7349f41579c95ab9b485c8140f1979450b2825c40594f07ccb8d2ebaeadc3133e6708af6aed7ec0b82e16b9c626d31203e0c9acf9df3f08005a393ccc909b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f594164df75fa50e265de01b0854af42

SHA1
0a8b3683a3266ed04fe3ec2087a3b521181be469

SHA256
036c1d5364b30cee16b01d08191d3d0fc05b672200c2c0782ef85633af04e9d8

SHA512
cd5d123f1aab104774c7542628c28a353a6659e849c49fb503a3d4c78bcd36f1b5354bb621521c3c7aa0533a4d1854f78cb9389e92c19d21f199e53cbaf1256e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4ca890e61149cf1802387aaa6916965

SHA1
7cd4d2542d252c7b2e51f2cfde4f9763e810e430

SHA256
1219c5d0b89454acd2089949e447bdd1cf50c3c5fa1d3c5b19494123def4687c

SHA512
bb438bb4e8cffd905921018c5a8b0f0921cce29d4fb002c638b0fa84d0a9cc1e3608ff21c7eeb9a60f5cf00fa829ad159aa97e735fd69feef76b566281e0458a

Download Submit