519b2b8cf59516e4dcb678482c6bb4174ee7b67826266720b46130293a2431e5

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f1b844d9da8a781d58363576efb080e_JaffaCakes118.html
Size

171KB
MD5

9f1b844d9da8a781d58363576efb080e
SHA1

20a5107db2a0a857d450a575d629b505059d49d0
SHA256

519b2b8cf59516e4dcb678482c6bb4174ee7b67826266720b46130293a2431e5
SHA512

b360cc37cc74b45933f43ad60bc1c3e8f2bb6bcafd11598ce24bff2467725f93fd0a99e7d16b52a2f6ac2c55eb9430b1ed524edba6517fe01e8f0cf9b8cd52ff
SSDEEP

3072:dZhwL1F6PHuzee7N/44jV3kMpY+NoV+Ka2hWkGUGbuWjSFQ:LSLiPHeQe5psV/2v

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
4820	msedge.exe
4820	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2436	4820	msedge.exe	80
PID 4820 wrote to memory of 2436	4820	msedge.exe	80
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 60	4820	msedge.exe	81
PID 4820 wrote to memory of 1140	4820	msedge.exe	82
PID 4820 wrote to memory of 1140	4820	msedge.exe	82
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83
PID 4820 wrote to memory of 828	4820	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9f1b844d9da8a781d58363576efb080e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff739b46f8,0x7fff739b4708,0x7fff739b4718
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3641470079702669287,317786162340910130,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7d034fe159b3344c32910057a4c1b8bf

SHA1
481faa74a8cc635876aa01ef9bd89799348f9e57

SHA256
d9885dd89e7805c86f101c9f72ae3240f8028b683136b13ed78c127b7fda9a6b

SHA512
7fd007d43322c726fb3a25e8cf9842d8f7c4bc6b32de1b01663596d0395380728b82f56e6b8df83dfcc5c1b17ba839eec1cabc6eec6fe8b0d4e73c7600954e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e4c82c73c08e5b620411e2e745f96835

SHA1
3d41cf49ebbc03fe2bcc32403f21921436fdaa1e

SHA256
7a26320c5b39524b9303209d7a7daafe1e79a9b39032e1b8394afe73beacdab4

SHA512
38d327b6f0b018bc04d3f40177208ef150fa9d8ef44961b7d9e5b1b22f0d7d0f1fb79696c26e89bb519fb1c795b7d8b3f1a714c1d5d59ce20348aae2656136ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eabef50ce6df4ffa3eb08d3e52c33a00

SHA1
14230cf09ed115b5a334a9f314de92d245a750ff

SHA256
555d6cfe2b7c1e22dcf54b06e8d764b13475ef18a20851be0f5180f72903d2a7

SHA512
6ad849e8beaf1f209ef52d7e44165b59cfc047e84290084a95413fc1fb54f3acf9aa436dedd935376024506b3838ea4905fb58066f890513e6aea3deb82e3503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a86c557f66f939dc5ba680a0ff1c4a43

SHA1
04470dbc6bd4528d3ccdb75adc1b13edb2a8ba28

SHA256
7753112bf86f6757da3c159ce0e008364fc4e31bd8666ccffda78035e4136b72

SHA512
8640d432749a7f7839210c45480170b7c963d1fdb520f8d6010f94f20179982335a40715b953361b33eb6c0ddca96d8068297528064539309a4dd8ae7a28e796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3576d3dd78cb357b1c5063bce3c8d398

SHA1
73ca064cf5e025c9ef5321cd9902bb05536110e0

SHA256
0dcfc7165eeef3c8b96668101451ff3a7bc7ffa2b8671da05a72c4c4fa316134

SHA512
117532b0ceb70eed8e14ed4b50b58b6e374ce79799a9c2f0807ed82f16c35aeab44deea81d04e9ae41f87bfd16a27bdf184f50be5a7fa18193f7d92686f91348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8eed20d3bc3b675ba230a76a2e85a10f

SHA1
4b89a0f588a060ab28ba70b072c80ac1555508bb

SHA256
21530e9e43a53d6565e3f21d6bcdb2e80ee4ba59d2247fa5c8d3a27075b145a4

SHA512
32ad9ca89060364ae6c7a8578917409ad24242f5782cdfb23532bbdfcc23f28bb08303edf1389828b719dee11a85ecd62e089ea6af3efd7b489fd49cee2a6b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a7905f0409f84322a842a6d74723d0f

SHA1
f402b337a8703fb963f53db81594f9f29b9800f0

SHA256
8ce573e97d4c1e79e3ee2855449092bfc7fd0e8a21c0351af77d0382e732bb1e

SHA512
fb63d6f322869abe5d40298a01286332a8177ffe25ed82c6fae1c5ecbed6710670e288ab85e03b5b1ac995a9c3bf92c453b46da2bbae5d5c3c7d075babe920ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6bd.TMP

Filesize
705B

MD5
62491516f4edd9af22ba3181e2936605

SHA1
17958a637393bcaded077934bb5725fa621c4ef2

SHA256
7a03c0692edc165d7f6b0beb0d96bbfca5e725393109d337f700cf07e28e838d

SHA512
243bb88592f52aa094b36a3a0ee6c96ff58bcf9611b0ad55f1a61ffda38394057ba1dde9aa0cb36a172fb4706fb1e1999883c61511ea9ce287bc2023b430bc41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5fbe93d04b5973666e40a1138c0d686a

SHA1
de511cda8d3619c79dffea5b977eac99be08887f

SHA256
3e55d620b25667385a69d8b181ad840db9abb8d72f00870a6cc1c22f2f756e53

SHA512
451b76d236d72edafb09f8e439da388e2f024ba44fc30e5bcdcaea85655ec6815e2d6eedc96b05ccc5c70cdc7efeb63b9b0b0154e6a288bf43be08b1833acc90

Download Submit