f3176a7423118f1ae523f65d875291739d631b74530e2d75d143388c8378239a

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2025 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_c50af4c866dd1f4a240015607e313a3b.html
Size

130KB
MD5

c50af4c866dd1f4a240015607e313a3b
SHA1

326b4326dfb5497d061fbc6fb9240cef09cd659e
SHA256

f3176a7423118f1ae523f65d875291739d631b74530e2d75d143388c8378239a
SHA512

3575f141226e576b29134cf5ec11fea5726b3e24039b5b1cefe5c4b114bb5eda6ca48872f849037c439ff581a3e4b3fe72ffbf54904ac52dafd2cf99ba23fcf6
SSDEEP

768:2vk1ATx+Bw24Tp7VsiKAidNCiZW0HI8JjoE5Jcsm09XWhCFAfDv1p4ODMtFA6cVj:2RHsiKIiZdIXE5F4ZDMtFbcDOatOPg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
4312	msedge.exe
4312	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 2976	4312	msedge.exe	84
PID 4312 wrote to memory of 2976	4312	msedge.exe	84
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 4664	4312	msedge.exe	85
PID 4312 wrote to memory of 1284	4312	msedge.exe	86
PID 4312 wrote to memory of 1284	4312	msedge.exe	86
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87
PID 4312 wrote to memory of 2928	4312	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c50af4c866dd1f4a240015607e313a3b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebd2846f8,0x7ffebd284708,0x7ffebd284718
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14983014208072288086,914331312314886376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc29044ff79dd25458f32c381dc676af

SHA1
f4657c0bee9b865607ec3686b8d4f5d4c2c61cd7

SHA256
efe711204437661603d6e59765aba1654678f2093075c1eb2340dc5e80a1140f

SHA512
3d484f755d88c0485195b247230edb79c07cc0941dedbf2f34738ae4f80ba90595f5094c449b213c0c871ade6aff0a14d4acfe843186e2421ccbad221d34bf54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709e5bc1c62a5aa20abcf92d1a3ae51c

SHA1
71c8b6688cd83f8ba088d3d44d851c19ee9ccff6

SHA256
aa718e97104d2a4c68a9dad4aae806a22060702177f836403094f7ca7f0f8d4e

SHA512
b9fc809fbb95b29336e5102382295d71235b0e3a54828b40380958a7feaf27c6407461765680e1f61d88e2692e912f8ec677a66ff965854bea6afae69d99cf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
f7403af81ce4330d6d917a397a957336

SHA1
53146a20d5746b0204fc778f82902e9f05d7bcb4

SHA256
72029bbf791a026060e7a56d2c9be4b4ce783066925643904b84d8aae35ea538

SHA512
1b8c61988680c7ec0e1ee1eae4169f47920e4b4995d5c505fd18f88168061a48b283f79225433662147a134e77869e7c00d3e724e6877b4a0fb065a446dfbf67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e6e60f8a8e2164473fd0e53752387a5

SHA1
7ea3e859f42ca2ca6c969c50db8ddd9e1f26be1b

SHA256
c70e28d9279468d2813535e31b5425b3fe4e56285e876e173964e1ad6dad730d

SHA512
d54d47b4d6979c8ced909756e453eae171e91f973ee1483f012d8bacc6ebd89dedb7b1778c95f4699e056732a7ea68e27ca413bc867d665b0b704c39ec579c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed30162c51e776d614584ac164eaa23f

SHA1
7b96cf71d1f8a2a8c382997c30ec75b2bc1d46ea

SHA256
33725f2f111e4fb22e30c7a23c6a9fec0610ba90157a52e0c1bf8ac9dd19ccc9

SHA512
5bd381196e123aa228a94720ea3cddf5e972fcf206277d4ad8d5248db8f6286dcc33e49352b7b315dee796561b662f0c4ebebbb88c5f5253fa73fd588fe28610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16e944185aff3e0875a408e284ed3195

SHA1
7d10ca1495ae8ed8a94b75fd7c8b3dac886c9608

SHA256
75ef6420061b59bfcb834c1172d12d0748eadea9783ac30b1d552d2d8898433a

SHA512
72958ebb7be5be67101ae30c58c95a54372420b04785dfc5f77025173ec7bb6ae73c760bc52303b6c80dafa934cfdd6d59032f4a3145fc5f8c20a75a25576790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
506dd3c289229041b1d65e486a2973eb

SHA1
69c01f025e9eade6a2295bebe26ec6b605105d2f

SHA256
a96027db16616e52ba9b8507729ea13e4d390837db9760547b3b97dbb3c8d310

SHA512
fe153734a7b05eb416d34eeef620267a6a80eb574d99c36c607d241f265d243800a0335dde5db4489076e9bf83c8022584817d49f8aedc9d9d815c8e320da035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
934b8b39ea5aac93c7ae6e79b2eec46b

SHA1
498c3bf61d3dbc95a433cc6314711c158b572b1e

SHA256
1acb394bacc794b87c9d8f854d0d214d7b933b7c9a0f920b8c5efe9fefa56a78

SHA512
c32b4c0b6d2ff0bf325d68466d9a06fd3329cddff92e3127c10a6c3f4d5018593483ee89181041850d354ab4f9c92bc1d6b96b1fe27d11560316ffdc1c29fe68

Download Submit