6c5ac4d2fc7881f23e2413c1a861e27f2c87bd6a9313b87b6265f3fcb31ed4dc

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 09:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33fb7737c9c53536e66be409589bf1c3_JaffaCakes118.html
Size

31KB
MD5

33fb7737c9c53536e66be409589bf1c3
SHA1

38d7f863cd696ae3d69da54d69795ea090a107de
SHA256

6c5ac4d2fc7881f23e2413c1a861e27f2c87bd6a9313b87b6265f3fcb31ed4dc
SHA512

9886cd7efa36d27d3203d26fd9e393e5ceb4f6cf00ad1ae31faa81c31114a0eda88e67bbc4e0f4e7974ffedfcb97090c7b6edda39bc39c4196b70d32d171ce6d
SSDEEP

768:BeP+yUbVLS6dpBagHwkyiJuMFiD6bnKaGBL61eGAX+:c+HbVLSmpBaGPyiJux5aeL61t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2788	msedge.exe
2788	msedge.exe
1220	identity_helper.exe
1220	identity_helper.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 4160	2788	msedge.exe	81
PID 2788 wrote to memory of 4160	2788	msedge.exe	81
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2504	2788	msedge.exe	82
PID 2788 wrote to memory of 2720	2788	msedge.exe	83
PID 2788 wrote to memory of 2720	2788	msedge.exe	83
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84
PID 2788 wrote to memory of 1364	2788	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\33fb7737c9c53536e66be409589bf1c3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddf2a46f8,0x7ffddf2a4708,0x7ffddf2a4718
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17473683105158499045,7818674912810596229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0fda544c03edf15bbcf1ea4bb30aa2f4

SHA1
230d66bcef020eba5c2016f9d25d619ba2ec6b1b

SHA256
f9b7eb64f2325e37698b1a6d0bbe8b897d0642be12d3c78fab364cd091171e58

SHA512
49edc1395b3f746ab1a2c55487cb06fac5238026b617583e7d9955b4e3f14a12597c4bc00579be48198065b27192fa4674663d05b33cb50db8502da0fd3e18ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
979B

MD5
731bacc8e95d53a12cf0383cd2c03cb6

SHA1
2577609880bd08c248ae25d7a1bd0308d01b3712

SHA256
f4eb26659fc497a08eb20fff196db93f60dcbed785eb6c0445d97fcb98da9cf2

SHA512
95b676dc18b955e9bf87c2f899176658aa9eb5899af4ba7f0ac2621192be4a0ca79a70478a1415a7eb628978a6ab3aacbf0c1ed3d10cb728df38b17108207ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f9265ee279671c2b87f159ff7149700

SHA1
09ff41c5dc02abfb22e5fed60b15d8579d76ce74

SHA256
cfeb5a594704f4a11f52e7e188d00ba97fac4ca06bc9e92fe98f975e8493eeca

SHA512
1b0b8304cab7a8659e9c2ce95fbfcdc8cac1e4600d33792676afc950882c15cc8faf61a0f6fda5cf69828e36f05a36bc3a03f23a90baa13b74cd4d934bcd8c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c3af9b8e1d128e80aac1e75ea1efe36

SHA1
2fe405f89134e0bcfa22342729ce1aa344be2d24

SHA256
a995e2b002ad61a7949a025415ec2b6f64a3caa4a4a1a7e9629a00b974983187

SHA512
4305896fa2fddd60d25cc6cb9d795c3a3bac52b1859d607e43ed79baace9f5e4426111b5eb9f8461d06e0b286d7038a24371ab9b648c84243318b430232fba26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa0af8e06845586b333e103f4e119cd2

SHA1
3f6b5c5c44172c881395da0d97f2c2f4a5f37507

SHA256
be278c3eafe37374d0a37dd07f960562e06e10c750054ebbc91137b800878d8a

SHA512
292a1c6cd8850dfc2eeb78538a3b4aef83c9ddbb063b97b1737f6ab5b3ba7c0db7d8fb59dd763ef611f49c64d0820cc105f465e68126c4648f786f6ee40819a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
200ee214a84ce423ef2e55a8b467ae2e

SHA1
00d731e813475dd69d048b51c9df4f3e68c07fcb

SHA256
800f91ecfadfa372aeeda88cfe66fa3dc40220dd97417657bcf83e428b710ca2

SHA512
e053fa1c12784c98bd54a32c37fee6c76c5169874309f831964e293467d4a9da81569ae2b9ebd2d51d6d7ef16e3d0d0fa29860fb02ed927b53671bf2979e7c2b

Download Submit