20f1f153802af529d015c967eeef5da7738c2009f87e5a53df309d6f5367dd14

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 11:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

248cce7c6ef5b357078fa98767399f51_JaffaCakes118.html
Size

32KB
MD5

248cce7c6ef5b357078fa98767399f51
SHA1

18ef027d29dbfe8f429473c77acab15333e5af15
SHA256

20f1f153802af529d015c967eeef5da7738c2009f87e5a53df309d6f5367dd14
SHA512

8a6c17d72f98c3f0b561d88718104c9f62aea269701990a0c7da99eed444c966acec2b19f393ec1a6bbbe951bf789a74975b8a331f535f930f29ac210dcd1409
SSDEEP

768:zxy01AYz8uGGNHd4xJgVJAfJOBs50aQ8Va0k/hjbuT:zT1AYz8uJHd4xJgVJAJY2a0k/hjg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1000	msedge.exe
1000	msedge.exe
3328	msedge.exe
3328	msedge.exe
3096	identity_helper.exe
3096	identity_helper.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 2072	3328	msedge.exe	84
PID 3328 wrote to memory of 2072	3328	msedge.exe	84
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 2348	3328	msedge.exe	85
PID 3328 wrote to memory of 1000	3328	msedge.exe	86
PID 3328 wrote to memory of 1000	3328	msedge.exe	86
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87
PID 3328 wrote to memory of 4576	3328	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\248cce7c6ef5b357078fa98767399f51_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc6a346f8,0x7ffdc6a34708,0x7ffdc6a34718
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13395120770569730326,10331101454492234320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
249B

MD5
ec8b62a36def88f125a5ee9fea7412f1

SHA1
050023e3495d8cd32c18ed195294337bcd47a5f9

SHA256
6ac96e439755c53940fcbdbc158c1c8a0c1cb1886cba21c228e2d49c943d3c86

SHA512
4a30074f42d19c23506a8ba5f8aaab0748e009682209530a3b9beee1a6aed4a6504f4d7bad7659f130832b6c26d182be09354a511b4fc3b0f8609bcad84c9aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eaf758ce38cef066642697860fe16cbb

SHA1
6a032c7b5ab04c52d1939209987d5d812774418d

SHA256
afcf3bf19fe41e769f8fededeb4e1b7f0eb9d624466b7d8442f41424fcf48cc5

SHA512
5d2da453e41b30e40c80873ce9c65501357e26f8e5b002a19579600158b12aa4ea3fe93e21027e9b94352287570e1a718c5d5e00f682f86ae2afc3dd0e0bb647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4da8cd817efe85e90c3228cab67237b

SHA1
be8ff795bdf2a8957073c9c157096694c2cb136d

SHA256
b6d9672f120fb83b2bdbca1b6c8acc88cf4b88da7a321bb5398d9caa5038d123

SHA512
609b0fa8800faf5331f02310ccacb02ff95b71b6d1ce1d506617b67751f1e67a90a3809861c1ee16f597a8818328c3a47ac5329bec938f1f07e295c4b2bea939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ededb3643c3b5d3dc85738e7db32f985

SHA1
6e8ecd3a44d036d4649ec9b34b473a95ebee22dd

SHA256
2fd6a1240a5d8ce6b2df8babb86cdfc17a73227b270d100f7a609af4a6e69d1e

SHA512
4e5d7aa3cff682a5c081316924eeeba88084059acd4a628e337787649b1952869cca20d0da91ea52f45bfceaf45cb6fa2e86c51641b638f1e5530bcba7f7e817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53c993317a4fcf2cc46f32937af8cd21

SHA1
a9c4982a78cc1ba3a24bd4b205014edb633165a1

SHA256
055167330b256016d11136f23ffd9c2fcf48514a29a83eaba8278d2a3cb8b86b

SHA512
97a295461222ac2bc854a4739679a8e1d39ddc691860e6670ad1bd32958cda5be3ee2e4a968e2cbc65b0023f626a29d7cce288a0c95ee6da32df89326ac6f55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
c9628f97e6bc7233960bdb2e2d79a432

SHA1
d7d5b92b56eed82dc7e5f48a4cab6a94047ead61

SHA256
ab166507dcd94780f298b89133ef440c677d124d562675089ea372ce039ebf9f

SHA512
d1f469e3093bc36e6b238520db366208c6f51bb1753d7626f950fd9be06b2fe13a06c3fc7a5a8503192f866e95e24e5635524c0048109a59d15d2579bf451ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c1ba.TMP

Filesize
203B

MD5
f452c485a251b5a6e33cfb89f72587fd

SHA1
580b9480a4098a783cc77ab3e9dc22b539e47826

SHA256
55cd077657d52ff1ccbec63d031ff0c3162f28dc98d0fc90a5b81527ffc1fe29

SHA512
c044663d41eb9ef590157ae51fa903902d1e902b7255f05a9b08cb872cea3d25c8d9fa5bdcc23941fb2ef5f834513a57bbf0fce914fee2ed60dd08c00ba53995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42ea9a770ea6408dcec9bf36571c62e9

SHA1
6ddddde1f38d4425802eceaafc5a3190ba9def89

SHA256
1b65234ee08829cf5eea64c19f476b0b02a46a445d34d908816f74a35dc8b32b

SHA512
521eeec4599f09c77bb3e956deb5bc67dbcd957c607c20bb8f5c89787cdd4074e17fd25e7cabe4547b16f2f7a3d1e2b226bc16899220d2052fb82f3c3a1e6a62

Download Submit