37c0eb6113b0ab334421ea68e4bfc440bc5422b077506733976e386f1b1cd7be

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1f6ddea6ea94bd5146d0e953d3b55e2_JaffaCakes118.html
Size

14KB
MD5

c1f6ddea6ea94bd5146d0e953d3b55e2
SHA1

00c2ff29a02032d4c0003ea570f329ac1f7f4e22
SHA256

37c0eb6113b0ab334421ea68e4bfc440bc5422b077506733976e386f1b1cd7be
SHA512

15e5f6740c0b01e36b8160d6bdc0774c5fc913b0d08ad8ae6d44501182d4486fd8a6c083cf1471da7ada43aaf9abab0b83de5b2528af23f82224b22499b8b5fb
SSDEEP

384:aY/FGP+jmBMHBMoBMmQ0SkV4KVg0CFQbnlr0tIVU1QD:ZjmCHCoCmPb4KVXCejBR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3036	msedge.exe
3036	msedge.exe
2532	identity_helper.exe
2532	identity_helper.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 4124	3036	msedge.exe	84
PID 3036 wrote to memory of 4124	3036	msedge.exe	84
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 5016	3036	msedge.exe	85
PID 3036 wrote to memory of 3576	3036	msedge.exe	86
PID 3036 wrote to memory of 3576	3036	msedge.exe	86
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87
PID 3036 wrote to memory of 316	3036	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1f6ddea6ea94bd5146d0e953d3b55e2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9ab746f8,0x7fff9ab74708,0x7fff9ab74718
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14598849616918011908,867549225977896225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
336B

MD5
6120da81a474c6e9234ab2e6f1945719

SHA1
5a7de0bbc9a15b9d054254f8724ba973c5109b10

SHA256
1e8728104efc6255908dbcee1bed20c8ade7eb582c715efe913a971bd9163807

SHA512
e6639ba0abd250b922ff6dcc3029c8a21b01c21a19edce0e09e893c1e616cad3245ba2a7e4f8773b84a48e79da5c3becd6b82e4605496ca4d3e464453c395840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38e8b3a0cf443b8d286f29942a8f7778

SHA1
e667a213b382a131aa0a47ab27f1071d4d516ccd

SHA256
3c3ba0976f6b9a86277902e0fc1a963b727fffcdd955e328cc20214c0736f499

SHA512
df325f390836fcb55dbca67efe62d3716164ba636e1390d1bc5863fe7022b4711671986af0d845362f1d61a5b3ace7d4e8e7c748c1f94b7624a4066bb702d99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
079a653317a02369650bd645413a77f3

SHA1
c633285e561a568ed3245dfed333363718afde42

SHA256
050331adfd8a9e763ce83c934d79a7f6db34b209ff1e5190647729f9306126fd

SHA512
79ded59a0c4ef4b5a498dcbae015085689f431788f0bb503380f2044ed5b641b32c8537a17e8fb80370447d23a26f143a7c28e8c47681a513f24d85111beb167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b22e2f0334c309983002842b6d95f5ef

SHA1
d58ef07c4aa5f551542db1a9997dad0bcc985675

SHA256
f258a4137a1905cea5a2ded34dde44c3cd858d92215367457af90827630eaedb

SHA512
73238396a38c68d37c2c0a20e148d87446a52654eb6831525023d4602c0a8f20fb04cd7fad87c440b6a40440ead3f4e8891ac524b162e64d068228cf1deb25bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ab9246a07e252f16af033338b29b1f40

SHA1
ba80da18381a96db9c4a737eecf6526e72a73dd2

SHA256
8c0eb9c986460c13b3b51e977e6350a4ca3540986e1305f8819b94881579e30f

SHA512
7e26263c367c4745cc33b99faf77064b8e47c82442f54e9d3470fab2290305e50b857595c27401d8da232c9321ee2ab5de8ccddf21bf239f27d2623b5ba59f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b05.TMP

Filesize
371B

MD5
bcc63c1a6931647fadd2cc4f62c1b1c4

SHA1
3d650aef0390e3c7a6e77a4060e15bf4921c012b

SHA256
cd2d9c737c6998abc7bcc57e6ffdf6086f29c931bf89390588112d86a184bd75

SHA512
dd91495b7e9d3d5d879541041b0f36bafcf0f5baadb1bb2e7650494ebcdfec673a73a7e70a3e91bb6feaa9d54b6c4ecc984e514e6fe4de32074be103b5283e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dfedead710dafff58bb1294e6bcb3a67

SHA1
68844591ee6829b740296187a988070763fa13b3

SHA256
b0ea6e4119e494ae38642e96d9184369277defc40c05813cef10b86ac37c3b10

SHA512
66bdb7db7bb0d1a9e2c96e70da19d559ed08800e9f3e8c26298e8d6d7aaf61ff57e08c2a86ed5c361373fc507c77d8ab2fea358bedd63822e439585c9c51eda0

Download Submit