249d4d6d790152e7fa03f0c9d9c048d371166c6e3d459bfc09a86bfcebc95da4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 06:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

93e6542c7c7d71e083841e878ca12420_JaffaCakes118.html
Size

217KB
MD5

93e6542c7c7d71e083841e878ca12420
SHA1

51799c570891cdfcd7664905cb3876fc418a18b2
SHA256

249d4d6d790152e7fa03f0c9d9c048d371166c6e3d459bfc09a86bfcebc95da4
SHA512

759362785166391a6c30cbd55a9b0434a681cdd0bfee69ffd8d1f01fdce4641da3494147c4909d1f3f08f64e6a523ada729e3866ee40b12a5e3bade123a9ec34
SSDEEP

6144:/Jta3tc+fiyUlyoAAVYpSzFI0XIVt8Yr7L:Bta3tc+ftzoAAVYpSzFI0XIVt8Yr7L

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
3116	msedge.exe
3116	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 1840	3116	msedge.exe	81
PID 3116 wrote to memory of 1840	3116	msedge.exe	81
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 3296	3116	msedge.exe	82
PID 3116 wrote to memory of 688	3116	msedge.exe	83
PID 3116 wrote to memory of 688	3116	msedge.exe	83
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84
PID 3116 wrote to memory of 1836	3116	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\93e6542c7c7d71e083841e878ca12420_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa604a46f8,0x7ffa604a4708,0x7ffa604a4718
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15621481510862696965,17097300642029957366,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
480B

MD5
2e792f190c9981dd6e477855e81587a8

SHA1
711f6394afafd336f866b5e5db9facd8c3d56b24

SHA256
69f5b86790d8b79aa3bfbcf3e8613aa63e71137ab13fa8b8c62fd3e47fadec5f

SHA512
0cb27bff0003e6288eba4feff0191dbae6cc434266bbd9808ca86586ef7e5dbfedb4d67d54a1d6bec4820476d29c9a4cefa9407b4bb1ab6bec1c5772369ecf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9832fba4015b39d67698ca215486639

SHA1
08376409bd2f9a1b63cc79ae1a6143302f8f32ed

SHA256
69624be56524e68eb9ec15ab900008c3f4fe5ce40f689f65105ffd05165c952e

SHA512
5770ac0db22dd1a20dc2f9089ee820779df758d2c15b1ffed00787e6fd8c147438df1a778de9797028f2a24089cb657429f0afc007915dec524ced60a8f59a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e8ecddf7b7f58a6a8f5449185818427e

SHA1
732c0d6b7a8ecf8066cd9e473729021d1b69650f

SHA256
ed517da60221d826ee8f67b311786849f8682721248c2c49b29b46e3739e6a41

SHA512
d10fbf94c2572db57cc5c40a1848f27986ee1e69d53c6bfd4e64a4a47ebdd7f191f74bbaab393b3489c1ff0b6ea661cb1f2a06534abbe86c10079c2b46674175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91c3ef45977d417980bbea937d0a34f3

SHA1
e5b9f5af15847aefcbc6af4df78251c3adff3e6a

SHA256
50457416f0463a63887f0f07f88885cbf97322413686c7eb0e6a9a493bb8281c

SHA512
79b1002a972bbbee8a6820b8ff074c65caf692c83b7c4010c15a7413d8d6fc2247f4b20c35bb344f0c46f16c0d58c537065329b74eb91321eb0a5fee04c11f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abcad697bba4edd16465d71e89589c33

SHA1
ee976b45634a811f276f1737e244de5a275be68e

SHA256
544289087c55ff19a55b6bce0c3659f174545fff7858ccc4753628df0934f116

SHA512
3ef7be3b16732aa628e640bb9f832b56a67277ac0cb6da540e8ff5feae48b440892b213075ef82d4585a2326cfbeb11ed2d3c9d7619fa40658a40318f76d22fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58050c.TMP

Filesize
1KB

MD5
592c069aecda6f7831e1afbb8b5a6bd3

SHA1
4d2ad9a3988a07f62d648702c0dbe8b60479f967

SHA256
006f49b6142a67f08067bd9a9bf223340a2c14cbf1dcab26a4826c064d86e106

SHA512
c534eab8860facbf90812e30e33f918d23e88590764b3268ed5bd3f0f7782b241601e4faf7a0da2470a2d22e8941dcd0214acb1cb624a80cc3c55170a0b09674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64717d1f0b964d2e93a7919fde8ef73c

SHA1
e52a7ecddd3f4c98f70f995c984dee77a27ec393

SHA256
7f509fe55e2e4c694fb9bc05b7ea058379a553b460aeea7b7a9f16cf875fc7d7

SHA512
cb9e2f5cdb11f9d1a9290554e2a6f54987a8d1889c296e009fb16d8ed2be8b103f1b6ef8cc08f8ec3620ce7b49e89eed5291fe618c62728b798c67e259b8a87e

Download Submit