428df80e9eeb261679714606248ba74400964bf5a31140a776a0bfff47aa0a24

Analysis

max time kernel
142s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 08:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5e1dbb610682be9b7cf893b4efd81ee8_JaffaCakes118.html
Size

41KB
MD5

5e1dbb610682be9b7cf893b4efd81ee8
SHA1

b6407a66aecb98d3417a05cd408c2a6872003c91
SHA256

428df80e9eeb261679714606248ba74400964bf5a31140a776a0bfff47aa0a24
SHA512

6f20e97703bfec3086d8a210636beb81018cb51a29087c25cfb060e66b585f77f09692866b914b5fd17bde45e5bed10f72e9f5e179f4a12f9493404c69ae661a
SSDEEP

768:ZS/Z6jIwaHzjoFZFBCnF5EddRFYQAp6Qh+DiJrEx:g/Z6jI1zMZFBCnF54RFYQiB+DiJrEx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1544	msedge.exe
1544	msedge.exe
736	identity_helper.exe
736	identity_helper.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 5104	1544	msedge.exe	83
PID 1544 wrote to memory of 5104	1544	msedge.exe	83
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 5052	1544	msedge.exe	84
PID 1544 wrote to memory of 1084	1544	msedge.exe	85
PID 1544 wrote to memory of 1084	1544	msedge.exe	85
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86
PID 1544 wrote to memory of 4008	1544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5e1dbb610682be9b7cf893b4efd81ee8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9538016189227589333,7412706685375356302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
06cf0733be0ab3b127b7e5cf98ccb75f

SHA1
34a41daaa158d8ce53f3cbaa4e1d91d7a654008a

SHA256
b673ddc5aa74aeed21aa1431846db106fd487ea070ab88d47f9dd37102d8caa4

SHA512
41ef3b10743f102b49a39a4dca5ac62ebac1bc16d2ed77e8943e2522f4cd3b88544067ab1bad069cf4c516012423ea0d39aceb2d05e097b07595a7e95bb62425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
6fee778146dbf86b9b80e51e2cf22026

SHA1
29e2e3b4082a7817cd7d7e2eda4cf2af83e8bd2f

SHA256
0e219177364667ecc22fe2a721ae6a08ee6d2ea773cfb2c832b8709924f0e6be

SHA512
886d28c68725ab6c4f117fa8e0932ede2e082cc321c8fc6bfbea33f2100f4e971a990be5774fa1aedb7a36f4dad06023c621d42a33cf704b38eec243de05ace9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
939B

MD5
bb41799c7c8962c7b9cec60fbde2e13d

SHA1
27dae6547355875fdf34ddfb0fd32f01ace29f6a

SHA256
454b786aa067821a05e9df084f7612631b954ef264ed46bd0258fa5dfa45e222

SHA512
9d4db020d47b7c842b483b042f537db98d7529a43298a43e670344de69283c73f8937e294b88627dd3a3c5086bc61a0778bb7ae82aa2cf4499e8220ffaf0dabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f69587ed9ec90974e7ba619941ea219

SHA1
db871927dbc4dbfe122fbf415c80c37e263694d9

SHA256
6843850d25c0bd08984333655b2bb406592371498b29b0aa82dbcd8aefda3a8b

SHA512
c8ba16280d24ae453c67b892aa72b3eb5c9208c4de548eea1a47946d06118de9e85962cc5a333bc02fa48d09ce5b84d0b28c662db9bed489175e3164b48afef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
856f01a1c7cc8921ccf649c3e9ff8720

SHA1
8945abb8f0dea4e831c01f70f48799d0c4ead10c

SHA256
83f2ed48b728e826ccf4d20f5abff0f6a0004867a85542051a114976a627c992

SHA512
a06044637fa0792efd3848e102296a63ecdf86629c9fc3d0de95a7083b142bb2e336da9d5697ebd562a63ccdd458c743c326e9e5e2afa7a77972b698728224db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41f24adb69f3eca17c319b61cd524540

SHA1
0119e609baf6bc17c49159e8b637f03244389283

SHA256
980ea4ee2f9c85904721b1acd5fd35bfc2b8dffb1afd8e8185804ccd34f4b234

SHA512
bc8b34ef54385166dda9a32dc4fc47938926e5e2665073c1c7aae0ad741a0eb3bbc880c22d323b50037b057568439f21f141bcde371252995385d4a0b96c189c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f2b61ec42344f21d4ea086ba699aa9a

SHA1
96a6c02b13ab55045ac08e7594924711ea09861e

SHA256
15cef1398ee6936629b57d3b533edb5c504f14ffbf8916b44a358bd395abc279

SHA512
042b9db046cc97b6904725d071ae0b144ab14154d3dd17717d5f59b97036c94ef35699586b9f82c206f822759ae2839a146b2d17d2adb4e86cd14e0ac1cc5143

Download Submit