f5605cdcb3aadfe5edaa420c61bba1e5107d22bad99dd814d54dd6f4bad8896a

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc89bd08740b1e37cd761435a23eb210_JaffaCakes118.html
Size

87KB
MD5

dc89bd08740b1e37cd761435a23eb210
SHA1

1da7b05efacde6582052137e38eeda82dc65fa23
SHA256

f5605cdcb3aadfe5edaa420c61bba1e5107d22bad99dd814d54dd6f4bad8896a
SHA512

670f0e1d28688e991930706d4714605271f3126790d90f019250bf89dca04d8ba906c05478a2580c13f1d5f53602c8d27af9a46e494502fe94e27eea55c0d8fa
SSDEEP

1536:j+dVmHv7omMcxS77cyT+SY3tLdHXwD0LJFU5:j2VmHTnz4cUqdLBXwD0LJFU5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
3192	msedge.exe
3192	msedge.exe
4620	identity_helper.exe
4620	identity_helper.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 4528	3192	msedge.exe	83
PID 3192 wrote to memory of 4528	3192	msedge.exe	83
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	85
PID 3192 wrote to memory of 4872	3192	msedge.exe	86
PID 3192 wrote to memory of 4872	3192	msedge.exe	86
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87
PID 3192 wrote to memory of 408	3192	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dc89bd08740b1e37cd761435a23eb210_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f2f46f8,0x7ffa6f2f4708,0x7ffa6f2f4718
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3737496396605176169,12570601342862776045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
672c6942a7760b1b341ee47d37c83107

SHA1
32653dacf0cd85dc5a9fd9f350a3204465023c16

SHA256
05a33ed7b17836b9756af0378ed3b069e9b66ac515945689c6c756b3f7951f81

SHA512
b6a7ce4661d792476c91438a6090cd8db1d3b28ee559fee6eabd0f476db60c4d40ce4c19faad96e63b29142b86869e0f29d1d6ffe2d081a0237629974f3e083c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
34af48d8d37cbb9d7d6dac635f90c131

SHA1
f3b84ff6e9fe9138580833489d684b5be70a804f

SHA256
05756539ce65696dab43f433dc43b685ec6993513f6fdb05ed1fa5b8a981e43d

SHA512
61fb8a5023db1a7de7ed67793bdf2510301324c15dc1d8b405e5b6d51c234e7dd34cbaa65cc6662d3300c62220ce2e3b75f02b52646162bf8a90084b3fea3b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e35ad448b2dbf72a8876801cf929d20

SHA1
9dcf0d81cb744b5ec99deaaf699d1230bbf6a2f3

SHA256
0121b342556801b8dbce1162e24ce68739e3a72c048b86181357a66b9a44284f

SHA512
6f28ca3b2f6a699f91c1b9c13edd09a8b644525b626e69b6bcc35d4c6014e9a4d0ba15c8fd6c7813822ab4d947197749de4aba612f01330a98a61c43b96f5bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b02aacc3c1a17beb4e4b0e5c4854c8ae

SHA1
3f84b7666d96572b6fd178725e531e04c7786c55

SHA256
270951bebb52d22cccfe334c639a317aca15508d3fef2d9029b59e43f90e8426

SHA512
ffbb10369569900d879ed11e61a8129fc65d2c35a6bc19ae3a4730a34f7ca0f56a767b638c6b39accb0864ea9a70181c6804dbf9b53f8875b4188eaa9c5fefd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5df08d9686b2235f0521bf10a3b9f7f

SHA1
4273e1f9bb59208bb13a06783f6cf1fbe64cc7a8

SHA256
67b7302ad37658fdfb21ecb66b9e32aca64b0f16651a20567082ccbb504b17e0

SHA512
c8c555c31eac7c1541a0b991c536b898c8c6aca5ba15a28ae29af50bc986f5b3ce975eeb5524a33694f18c1a7729df75b62aaa2fe830aa431dc9ee07ba9351fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17a32227318c6922feba363e3c2f5419

SHA1
073787f60ab893134a2381eca6a9e38c51a21461

SHA256
24198194d52398beecb2bb8d41858e080d22efb6f028859be3b59d2316548cd2

SHA512
9940d2c613269b100c785c00094903de405db90b1aa4f5fcce072ae844b563b858a2aecf503d97ab01c65a42a37539109b78aa567ed239464fc8390c1e2feefd

Download Submit