d0515cf68355ea448b8beba5eff8bcc9b281c49773c65040fb955361ef7808a6

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 13:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f61e2660620a59ef8f8ede77812deb7a_JaffaCakes118.html
Size

14KB
MD5

f61e2660620a59ef8f8ede77812deb7a
SHA1

033eedc00f17bb33ec339874fd3aa21cd0b62a8e
SHA256

d0515cf68355ea448b8beba5eff8bcc9b281c49773c65040fb955361ef7808a6
SHA512

86b5bcb850543d455c099f98ced06e293eb98f5d0b3cd9b15c6029a7a5f7bdd0eed24f0c2c801e638b05ae842f8f8d7e18185423910844c623abe69da7f33189
SSDEEP

384:DxsR7kGylkMr96R6PyGzNQ1nhNTtdll/kf:G7kGaNG66GaVrqf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
4040	msedge.exe
4040	msedge.exe
4848	identity_helper.exe
4848	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4880	4040	msedge.exe	82
PID 4040 wrote to memory of 4880	4040	msedge.exe	82
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 2356	4040	msedge.exe	83
PID 4040 wrote to memory of 764	4040	msedge.exe	84
PID 4040 wrote to memory of 764	4040	msedge.exe	84
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85
PID 4040 wrote to memory of 5096	4040	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f61e2660620a59ef8f8ede77812deb7a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce45246f8,0x7ffce4524708,0x7ffce4524718
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12615419998717102506,2794294028334552266,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
1ad3b490506e08f53cc30861eacfd45d

SHA1
8bc2260ea5fe5ac207374fbaffc4563d87299b4a

SHA256
e01dc61c0c0fe46d8a8a1ca987501475711845048e08fb64dfe510d7994846ae

SHA512
1d82bb4337ac36270ef649954f5b1dda03fc609345eb69f62e07608869a3fd984ae9f3810664e7bba729a322c24e43c89fc0243e4a3198249c1c427b11d3a0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
81b4ab89b012c6fdd249e364967a4a3c

SHA1
3a72bc3817e7394712dac612fde82c322d4e30af

SHA256
a7baf57bee3d533c950bf088a1660b0ca8a0b6e676bff2c816eabb19787e5994

SHA512
a29c1a32c84beb54a8b965f12f81d4e31b287f91cee3608847a00b85f784d6442eee328d72cc22409a7e047757f5b4b6f1f775ef9a22adf8e60f522a9740a346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1022B

MD5
b970b5fa50c4b4292a06372d48376483

SHA1
753142f40ce9edd49b973e46ff5a5052f5a1b9fe

SHA256
b4b352a1829916ed6037312e511cbfa8623be7fc7b4e7978e6b7353063e186a1

SHA512
a8afbc9d67569c3cc7ba129ae630d9b604c79ba67e3983ccaf99e6d4cf635c5f5d109c30c6a906e5e50020e4e4f9982e2da84f6042d32256a47277f784066af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d967f8e8473848c4ab9473c230a7b3d1

SHA1
a5edeb6bf66930dbf94c3db8479cbdaf1989c297

SHA256
fa4b7afa2edb4d0b1d19960ce4102d4d41fce5e36ca317bfa0c6f054768d72fc

SHA512
ec2c5b8f242b9550b0359f06edb7dbf72fda9c75f7e09f94ab0e9fb6bce1fdbcfce514c8f699e3bd067615b97061131c3a32945877533b5c6549c16997f31c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6acb9db79a66990bb3f640e33f662b0b

SHA1
02250af655fffa175eb57095161ffe375c96650b

SHA256
201171b5b5ca2aecf1edbdc8e3a3c3ba1361e2b1434ff36f6eeda75624b1be09

SHA512
692e067809e6c0c9cc2480b92bbc7d17f0f592f72d3c319c59925de94ef9a7c44b29b2a858ea18a04739c2a973cf2eb0bfcecd91cecf15905c4ca7707508cdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f427a8fa5f90fd6abb315d168a897fec

SHA1
d2c3b67f620f91c613fc550e34cb11794c7485f6

SHA256
fc013b2d75c15ce4a93172a81bea6df855e59f26df3ae9dc0d408153e31a1fbb

SHA512
a3098ebfec68ce680233fd01898a743c5f70737b5594a2756ce066a71ff6f2d117dcc6f2bb0216ebbb7d1d6dea0c263140237af3a24b54d1a7ea6463677f2ac5

Download Submit