9d9ddb77315db836e51471800dbfd017811d4504396b37b6908d81e3ba8ef981

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7fa7f7b1a1f6f3b37ec3ee3066a7343_JaffaCakes118.html
Size

21KB
MD5

c7fa7f7b1a1f6f3b37ec3ee3066a7343
SHA1

66c1b590fde6a4344b1f34c7b228895c1ddc653b
SHA256

9d9ddb77315db836e51471800dbfd017811d4504396b37b6908d81e3ba8ef981
SHA512

86a4550f50ea8737c4e621f21cea059babd77a62c5ab258acd5e134e51006657998af01b473ed1eb4970eb4706ff300db99120b55a6179927dadb33f185f16c6
SSDEEP

192:Hqvl596UDYvWfWYsEEn95vo2UQB7w09Vea95MSdNVMjP0kuCN:Kd59GuqEEn7w2RUa7MRP0kuCN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
2436	msedge.exe
2436	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 4152	2436	msedge.exe	84
PID 2436 wrote to memory of 4152	2436	msedge.exe	84
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 980	2436	msedge.exe	85
PID 2436 wrote to memory of 1124	2436	msedge.exe	86
PID 2436 wrote to memory of 1124	2436	msedge.exe	86
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87
PID 2436 wrote to memory of 1688	2436	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7fa7f7b1a1f6f3b37ec3ee3066a7343_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff877946f8,0x7fff87794708,0x7fff87794718
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,507015898255063152,7917014317179417887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7ed318f3-df20-4ee4-9ee1-d687bec05ae8.tmp

Filesize
5KB

MD5
0f6a763bd2538ccc6fd256ae393f4c0a

SHA1
e1ce098449d0c2c90cc324ef0ac95b9639231677

SHA256
08418496c6cc2715118f5fdb2984ef6b35f93667ef39b4d640bf712b0bed4f15

SHA512
e090be98f21cdcc09c0a558b5f7e53eb57909d612feb065d4ee35856681a6cbaba3bcce00192110fff50d58b2943f4fbd4c6100acbd1b8ecc40b4d844171ab35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9ef9a776b561c164f78c25397a480026

SHA1
ecd488ee2c54aec08c73a58336454c18f7be6fd5

SHA256
515e794962a0721cc4f9ed4fbc1947e2224d9e4be7aba58eec00b511fad03d3c

SHA512
a1a125295d769ff2a5655ec5766f5329bd668d08fa3406d40b3a76268f6f21ec3554f245149866007e1cdeae3daf355a84578edb7172f6cdfe6725141f92f202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d60b1a395e6616c8fb7507206d8eca50

SHA1
47486bfa62b30a268c7ca4aa24b755489d92ed1a

SHA256
ea65dbff0001a66104dcd6210587a0b1f08b1af96589c9946646352d948789fb

SHA512
0356f4e93171c3ee3f087d4064d20ad4b5b8026f88c484c802b93755c6640506b2e693350b1bdffab005b79a49a405168fe089248fc49a289ad7f34306172ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f31e22f01afc4610094589c9e3a0285

SHA1
7ed247e6f0e6a467551c5b7c9fb32f1a74ba28f9

SHA256
1ae175832f9182c55ae68d772f8343dfadd184c097d2e371f4ffbf0aa68ebf0f

SHA512
65137bcd8000eaaf55ef207ab379d8417d20f01aa22813998d687e28e910f0ea426eec1e4eba70e6303e6576268fb2cd80811fcd909f8e1f17b3dd3e6c465551

Download Submit