1ed5f1593329872684062d1ca2188846c212d9a5127a820cca0d3883cecd299f

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 15:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

353223cb45650960c5f678c0cbc5ebe3_JaffaCakes118.html
Size

56KB
MD5

353223cb45650960c5f678c0cbc5ebe3
SHA1

a7d686523e304a86162730eb8a5ee1b65eadddd9
SHA256

1ed5f1593329872684062d1ca2188846c212d9a5127a820cca0d3883cecd299f
SHA512

8b138c826f7ffb499c5a63e26a034882bf08bf49c99f6469529a665e077c04f91ccb3d880b37b531dea68f1eb8a2d4d939eae46dea59d5267a426ef9c28c8523
SSDEEP

1536:8Y+iU4rTGq/FqYnjUkBAo30qavDZaMkvww26r8rY:8DXILGvD02Ez

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
468	msedge.exe
468	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 5096	468	msedge.exe	83
PID 468 wrote to memory of 5096	468	msedge.exe	83
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 3712	468	msedge.exe	84
PID 468 wrote to memory of 2904	468	msedge.exe	85
PID 468 wrote to memory of 2904	468	msedge.exe	85
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86
PID 468 wrote to memory of 3412	468	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\353223cb45650960c5f678c0cbc5ebe3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4429557313231324767,18188899873347068141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d08531811b67a5e831fd58c021481507

SHA1
ee803f6a74d3621fa8dcbd49e1ff00b71fa86765

SHA256
451296c9e638d55eb1f541d5e069340a481696b23a1ce63df8b71bd45bb7cdc6

SHA512
5794c2fedf9dba20a20733502ba12eda7acb7c24869db7a4564ea359874dd72503ca806e3882679cf94ef5362a9d89fc93c3727eecad6c2e67964bf4763897a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
cc63b6eae3dcac0ba3b702cc9caaa1b8

SHA1
cb67aaaa42a1d3c3597b22fcd4118cc14e0c885c

SHA256
16afa842beccf06fca7b58b2e8a053398a985f7ea6310fb2d5386562f7a5edfe

SHA512
55a2889f3e2c3092377974e68bd841a44dcb5ed8aa615d50c2df76d17d844684767e0eafe622c20d707bf78cb3eed016670e7da2e88e4c3859685e2806d5be7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a36fa50581494e6959bf45326597ef96

SHA1
a4913e812344b81cbe19e14ae3d044401038a971

SHA256
58093add200e9feb84259ca60055c193330cd48a9d126ca9ea76674e93ee4d14

SHA512
18126ecdf7c0a7b6aa2f2f66b0fa682d043c26362ae04153b22feae87d335d3842de0581e8f37f2e57374387700c6557106bed8b4b723ae48b9e5f6e2a6f634a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3f24f44666495fdd9f604ddaae561ab

SHA1
9c59b7bf1550ce8158100005caacc7141abeb96d

SHA256
161c60c10514dff48ac582ca78495872f726330fb86f6bf16e4cd94d066620b1

SHA512
eff58b2fc9a021f009633311643f5536bd4491a8ebbe5d1c86732ac2c03d815dd3e331edf9c94395c09a7fa15005e293644bed8a9fa1de17bd448cd08b9b6a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac04c97465b591bb565356b0f9cd3660

SHA1
e08a56912f5db38b4bfacf7b45b2e25d37537ad6

SHA256
0a02d1b051a07ff036eb47bdb79f72dcf96421e07ccd423e314b2f8362bbf58f

SHA512
ea127bdfe4816954abb06249a9ecd490cf2ffa62f3d193ae314423eeb7621b512cda48183937ed95e9b955dc61fd57af30f469e11c528895dd53df81c243f526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ff87d49ed185ae9e365e3f5c1f8ed653

SHA1
4b941493f47f63253067566ce63fd77497e5800a

SHA256
bf4176d2726519f9935b830d685c3d705d9e3a7bb0da6fdd841c236c314469e8

SHA512
81e4ec29ad379ff8809837a670b2928f544c3c71c016caaf9beb4a095db3a2835f71d3a5072800de935def1d2b58735fcdba10a78fb958985f65018b97379137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f79e.TMP

Filesize
706B

MD5
25dc19faa9022a85ad3a25eafcc503bf

SHA1
b21dd32de01366edd4474d97c85ae894dac8c703

SHA256
c3c5089086ecf7a31740d045c354c717054a1ac883db3db11cf3c0fa38548c79

SHA512
2a7da577810b0ac38fd12ffd782845beb42ef7c50d2df3006b2b4e0150bd7779873160d83f9c9cc5dbd1debb8a886686c9e11102d0dab041ff606ab8eadcb84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bdeb075b4c2382a06038c397d758dc6

SHA1
1897be40cbe18392e5db75a4d5c228d61d65c333

SHA256
291085b70c5dcf36cc5510bf26755be74590d0f737ad813c1fdf98b50beae64d

SHA512
0b085a8d1ae271358617c9bc7a2d4a50c106b6231252ce2addc652b2cd5e27ef674e3e5a746773936c057fb2b3b9ac0ea31b543f79599e2d30c4ac67a0e4fdde

Download Submit