70ea343ebd4262b0198e4443015a8819ccc9f7fabc0cc72720ee04fd72faa25b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c085fb3df39be5aabd494385ac1e6ef_JaffaCakes118.html
Size

20KB
MD5

0c085fb3df39be5aabd494385ac1e6ef
SHA1

11249c42ae75be6f8ced45597948aca9719b7d0b
SHA256

70ea343ebd4262b0198e4443015a8819ccc9f7fabc0cc72720ee04fd72faa25b
SHA512

0ab47cdbe706c8ccadf58664a49d1618fb81054e19cb20c0350048965db9932e41fc73a34a57a9f74b86e28fd397228d67e900e2c9d6653fb2de3c446244eed4
SSDEEP

384:Ou6WKDo0lAtsdg4K7pSgQ9ITH8yl54hgra256WpysI8L:MlMUR9Ifa256BWL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
3620	msedge.exe
3620	msedge.exe
1132	identity_helper.exe
1132	identity_helper.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 2144	3620	msedge.exe	82
PID 3620 wrote to memory of 2144	3620	msedge.exe	82
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 8	3620	msedge.exe	83
PID 3620 wrote to memory of 2140	3620	msedge.exe	84
PID 3620 wrote to memory of 2140	3620	msedge.exe	84
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85
PID 3620 wrote to memory of 4336	3620	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0c085fb3df39be5aabd494385ac1e6ef_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9984b46f8,0x7ff9984b4708,0x7ff9984b4718
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10086849542982606202,17144286044662168634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
112d31522cc1286f8b5f5a40eaaceb8b

SHA1
af9a266cf69d067a543f8c5d09d480af3a19baee

SHA256
381f2f05c17902996dd605d42ece5e2da387a15287db8d6cdc1b6a0fd375042b

SHA512
de76838525a21dbce9da4668cbe251fdc596abad08224a1fd451ce6bdc19e5db7bf3b8dcfcb06a68e315e3fe2c4c4ac67e6ad59514cdcbdfa1151a62faa15e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
76104ca3f1da1c380b79c15894958983

SHA1
163331eea7e09176d1352399bc35744a58c32ba3

SHA256
d9d48a83138a026a98e21d2d12d3d56b0da47909e159a24f4a5f8e8fa5972b4a

SHA512
1653c814b80afeb5b6af08674705a1d2f9812152476d14725148823a01877f84ef678df74bed4d3cd557bf073515dc4ced1d4580a0b03858a71a227e56ca685b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
49edc2dead68c2eedc21a2ced853a882

SHA1
14f94f9f393fba4eee6f64470000226d74bd515e

SHA256
510fda4ef15a950cdba92a034dfddb4644d6df895c9aad61b94d11c23e659bf5

SHA512
377399becfdd215609d14f7f87286f958dc6dbaa2f7f1f1de48ca02abe88378de91733f50735d02ce9258e44609b4046b76419721b5c3903302d636326db477f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86a18fcede9bc51c0804d802dca60b1d

SHA1
f78f35168298d49a8ac092c8c992521adb71fd7e

SHA256
9043a220f82e0c9670b2d0f93d0ad700f9f657db473c403cb04a11eb6254c955

SHA512
904aac0cf42758716b83aac15e317cf8bdbf893b70fe7ce14978e28c70aef34e4b7ac30f07aa7b9ae38678479f511a2cd53f7dd9a6ed8a0853b1d3fe3d12a846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96103a685a37618d2d0f1336049cd013

SHA1
be47659d03ee52f56ee364024d0a6e15b02ec179

SHA256
a3f17493a91cdcd5107fbf7d3a6de65ebe93e4bb2cb2796452baf83b007e0776

SHA512
f8c7ec442d3ec03001056c80603ba60aa0c22a5cc2958f4573c85885dda41820d73eddcc9cbdce6a5a62176bb1819563648d7976fe76a820a52504812299c8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb98fa9e1ac59f2d2665f39668fb377d

SHA1
a801b920bc2a0d7c94b00070228acfd047480579

SHA256
a4a7ec87d3a6ccc20a1aee593498d934029349e0d281b1d8f21e4750b1da216a

SHA512
35e611df2e2ea32bd7ec07d2b2272dde8981e3db1cff0a6aed38f898cebff20430ed486c8ccd8efee35cc72ea287c0b01daa883652f332f6ac4f92157ea201c2

Download Submit