3212014d9c0f4cdad9c50924be0f0efb6abe82422fd3aadcb7ce8286fd8d6312

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44aac7926cbd207e4533ddbc6beff0c5_JaffaCakes118.html
Size

27KB
MD5

44aac7926cbd207e4533ddbc6beff0c5
SHA1

9afbe46fef7c10ad1287bb7d26191a5e81758b7f
SHA256

3212014d9c0f4cdad9c50924be0f0efb6abe82422fd3aadcb7ce8286fd8d6312
SHA512

5290376ec27c83270a8794cfab48f4f8604883066c70d00286e938cc227a6589963981a84fc586b86596d2324474a37e53507140da83ffbd9c1285a7735b0b7c
SSDEEP

384:SYC3uYc9BqJ8vJTeWuJHcjVrv9XYjrrNCaWdTxUR8DwUhJ9143J+QXRQdbeGFfbb:PC3uYUZeWhqVdR0HDca

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4868	msedge.exe
4868	msedge.exe
3148	identity_helper.exe
3148	identity_helper.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4952	4868	msedge.exe	84
PID 4868 wrote to memory of 4952	4868	msedge.exe	84
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 2764	4868	msedge.exe	85
PID 4868 wrote to memory of 4036	4868	msedge.exe	86
PID 4868 wrote to memory of 4036	4868	msedge.exe	86
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87
PID 4868 wrote to memory of 4808	4868	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\44aac7926cbd207e4533ddbc6beff0c5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa97c046f8,0x7ffa97c04708,0x7ffa97c04718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,14509937767856065766,147065246408702056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a6dcc59afcef131d9931719fbcfa7fc0

SHA1
e72901b567a9fe078a2082c9959d99caebb3a7ca

SHA256
197868d9ba7ad789f3a9d340808a51ce0f1c47378d57968a065562588da21632

SHA512
a1031b79179d2fc2e04cf765b83926c203074af57ef9b63b0f90ad49dd5e64759a6cf558e525dfc9042bb4ea340c03c12ea1514b575a3466f2af872e57226fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
796B

MD5
d8d9df2ffa3426ce1f9c17577bdc85d0

SHA1
739d20be14465873d19e02b8a249989192e255e5

SHA256
34e55ca7e241eaaad17a8763f27e907ce2b3fa66fbd64c47cc2ef1b880018321

SHA512
dfd7725e03db9224c0a3c4a683d519f4e53087e02c5eb3fde5a64646963d9352f10044306205414c385f396ab55ed43129d76240c97f51af0484d51ba1a830ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f27eaa52bffc65dbb81d4eda2d86176

SHA1
83808553f9cfc9f53c05b82e81372364595fa3e5

SHA256
fb2ed8a83d593830f3eaacd6e0a3498fe04d5c334fd6667467760d9ef9569b58

SHA512
569d524f73d9a9bf393fe5f65b5020933737686c829691d08f4f51b55fd94e9e8bc8c9135088c1325f39844bdb7578a1ef5058838e847c56c4c5f98a2b000b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a08c4e8db67575d9a805d45597072175

SHA1
3df40905e8a6d4e76917669a42063659d274be86

SHA256
6fd8e476f7afc3047274d64945e9bf74ca0ea5e46be36226a2bfa7bbd85b7ddb

SHA512
0772980395db559aaf406e6b04f338d7bd5a0693c028aed8f98c044501fa854b0e6f8d216194df39e777cc323711161a4c5b8167954ae26edb3c2b034e71e3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85c2f14a16517c009cb392d23a01c02b

SHA1
57f870445ab5a3c186897548310501535f399217

SHA256
66390402751fc6578394c2a918c912e2f3b7c6092976ed763f86af1e018317f5

SHA512
6c8a888e65a1f56d6b9ce9ad4d8c3cfb5de28357c027104713db25baa8914a22d64118fbe78b738856d0fc895259f233162a5de283731c0260703c96a490e7c9

Download Submit