bd1adf87ea28e3360a9cd54cffeee7929b3526fa601a1246dd50c8d804f0bf4c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 06:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

93eb7890e9755e77fa44128eb1d7b3f2_JaffaCakes118.html
Size

53KB
MD5

93eb7890e9755e77fa44128eb1d7b3f2
SHA1

af3ff54463b590d4de912f67598f84001031f0a9
SHA256

bd1adf87ea28e3360a9cd54cffeee7929b3526fa601a1246dd50c8d804f0bf4c
SHA512

b39979797e2909fc4046ac1e405a67fadedb04550df4011f12964a0094e415a8e54ffd5b68682cc25221b7344596e97f605396391ad98228682f2f3a92f2ed9d
SSDEEP

768:j+hpHvvCIoohu0bnoZhaeM8rP2bqz/6FdkEgVf:j+DHv7o2u0UZhaerbH6FdG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
1816	msedge.exe
1816	msedge.exe
2408	identity_helper.exe
2408	identity_helper.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 2624	1816	msedge.exe	84
PID 1816 wrote to memory of 2624	1816	msedge.exe	84
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 4516	1816	msedge.exe	85
PID 1816 wrote to memory of 856	1816	msedge.exe	86
PID 1816 wrote to memory of 856	1816	msedge.exe	86
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87
PID 1816 wrote to memory of 5112	1816	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\93eb7890e9755e77fa44128eb1d7b3f2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8542476633443520950,10364809694938930434,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
395d56a2ab16e3ccfd1ac19c59c1c3e0

SHA1
cc7ad4c644a646ba97b34de3a425789053e43860

SHA256
32dbdc25d32ee61b895a2c843826e04c8ca1e7fb5da35aab70dce5c0dc313352

SHA512
c1e395dbd8a9babb361d232f946a8ea411c0c1fca68b052dbd530e439bb7bf5674d440122c33096571b12a0af2535ffaf1f56478635ee61366c95f12c4052884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
03a4675b842cd2b4219fb5dde9fbac75

SHA1
1c1d3edcb7972ed557035755e0097ff96ba4588e

SHA256
e85d0006a9fd5d489fdbaa4e7ef03df3923641a0471a87dbb7f6c7ed0679f4c3

SHA512
d62bccd186e90c74f3fef7efcdf14d619d79d44d8b7797ef1726657ed3af85b456c1e5d2d15fb9484d9bef2ae112877a37f6ce30a4628490e22b3f8b711d716b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7dd0a252055711302522d051611f583b

SHA1
781e50d18621d4a3a43a64d3dacdfab6865bee96

SHA256
57ef3ac4921c4f49a5bd6cfa49ea204d9a62f87f123318ad272082f9b9981c81

SHA512
e89533e2470a95196d39a1d627a12e281ff51ac5d094c2fe8029717acdb4c7177fef8110305fae1dacccea43cc464d925085ef24687f856257ab91b5e51b4710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec592345bc793eda3cee9919a886529f

SHA1
315df755e55572d7a1a35306434a886c8c380094

SHA256
b8615920397a944b40bbeaf728b2ba564ab3dd545a02c04823df44430a873f2a

SHA512
2436b8cfc7bd93a9572ef8068b4555caf24c9fcb52ce62ed7820ea5c85af62e0d06d8c73180a1294ab7e91b171f3b4f9fcb4fecf4a9897e09e53150af19ab4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6b62f9aa9e723ef538be2f4fe2e8d2c

SHA1
3c1fd83c7d8fcb9859f8269cf006cf2181a2cb08

SHA256
5e0f2489ae7f21f6c5b035b2f475f27761690a12a7b9a0ae35508a221ccb1de4

SHA512
129e58d57a8f6c6a886869292bfaf92583819c871d79139690468e62b13ec2563fe8637e54dbf3a086981c47c7a917e212f2a128d2499af1b1048d1041a9ea10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f24f4ad0dcb460f5c4c45cbd705e47bb

SHA1
1c1bae0f7735998aba9ec1fd421ea3e8dfa6c42e

SHA256
3a67fc9fac2c4558d1cb6dc5655875866e6d40c646f53236240017eb61b4c4a8

SHA512
c5165137d95264d2733951e17d27bfdae218d5bce0532accf256f563ff1d6f04ddfa162c4bab8345e071b32724542cab26e7e82463dcde6d45c55974f733a09c

Download Submit