bb4ef06ef89851c79fd5c305b4c03e3b0df530f4be446f05c1c85a0a18443d20

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
15-02-2025 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fc12fc8abdcb71908ba3ba57f9b732bf.html
Size

86KB
MD5

fc12fc8abdcb71908ba3ba57f9b732bf
SHA1

cfcfbb3fb469f6f1cc1bf63d32cd6315ee17d54a
SHA256

bb4ef06ef89851c79fd5c305b4c03e3b0df530f4be446f05c1c85a0a18443d20
SHA512

848f4dbab6d4f755a151696d2f2b2eae3e47d93592db593d1f958c9755d6978d2a12415ee686429c2c73e73a85ead71bd83900ad37f1fdfb4adf66a9e26370bb
SSDEEP

1536:CJox8mRk/lodohovNLodohbthxPLyC6tMSfcfd:CaElodohovNLodohbthcC6tMSfcfd

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
138	1144	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4576	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
3376	msedge.exe
3376	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 4368	3376	msedge.exe	86
PID 3376 wrote to memory of 4368	3376	msedge.exe	86
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 1520	3376	msedge.exe	87
PID 3376 wrote to memory of 2144	3376	msedge.exe	88
PID 3376 wrote to memory of 2144	3376	msedge.exe	88
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89
PID 3376 wrote to memory of 5080	3376	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc12fc8abdcb71908ba3ba57f9b732bf.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bd9446f8,0x7ff9bd944708,0x7ff9bd944718
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10510266323711016612,11240845063829223059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10510266323711016612,11240845063829223059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10510266323711016612,11240845063829223059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10510266323711016612,11240845063829223059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10510266323711016612,11240845063829223059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10510266323711016612,11240845063829223059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qzk1NkVGMzAtM0M1RC00QTg4LTlGNDItRkVCMDVDNEQ2RjQwfSIgdXNlcmlkPSJ7M0VEMTMwQkYtQUM5RS00RUUzLTkyQ0QtQTEwRTBFNkE1QTgzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7ODIwQ0YwOEMtMjQ2MC00MUYwLUEzRDktQUVDMkUxRDc2MjREfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDMyOTc0ODQ0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af47ff71a93ce65b67715d8eab1463f

SHA1
f7cb1fe4b76f2a24d12acbe5d77d8e69b766245a

SHA256
d4e05a41fc65aca28648d51d557db9494dcb31c484c150a851d0b3369f18821e

SHA512
4826974f8d9e8280dc8329b8a43d18199909caa2e425de6a4583aacd71f94228a38688c26b0c6127fee13168e518457f50f0769d25215d9629f1c681dea34e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dcf6c443f82d4a5f87e2682853b2f355

SHA1
ca4623dc0bc7b7bc4f31dc0dd8834ee743fc357a

SHA256
30d0d0bb11a133f7295c839c78a88d72324d9e279b9c465124ee5d50299b7a86

SHA512
b9163bb08cafcfbc8e0e52d6cb7ca72c5137ff5347c0a7c86787478ce979c3390f355f9f1ece9be1a8fe5df9b94dbbb1ae574b0cc1b63959ea630157765e11f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
942B

MD5
1e0caecd24aca9048e327f553272d4e1

SHA1
f748ad787a20a5efa3a089f53e8cb1c2df676243

SHA256
d359258e1f10e4e6e9f9560616071904403d7d8eca09a3f93ab046d1f642f005

SHA512
e96b7ac7914b860a85b9414c6cd3fe8de9f0dab38457d5ff1401dced31526d2709541dda43587d420d120f2480900eaea69bc39197e25ffbbc6945f67870c3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
973B

MD5
8c94531c8da7d684211b2b84c4242478

SHA1
fa08fef42e9ca7a15051a1582dc062743e3ff028

SHA256
2d1f72b567020171c8649c0dbbec839796217b6ddd243e91f670fa8368d8a737

SHA512
033291fd24d0c59fe7c186c962282c925dab962acc58ccdf672c9ac4e2c4aa19e80b5e3ab87df14c9b36e9d473d6b109a9f22be4c762fc37c3f4f39b8ce05601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb39c256bac1079ae0d06c5d8e66692d

SHA1
56048173fcfa3500957952164664beb47cf2a6ff

SHA256
5abafb1c1c4ab7b6388f4889512afe36f7a932141232a092c69484c856bc0c77

SHA512
8eed493de91941761f1b14510fe56cd5de9c607e1bf7b1e7a8b88564452aee853a0f51a20d5f65bd0133d664e1b3be45e93658c52d7f8feefa939ea58b3d51dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67ebf32c5fd2e00b16a23ad64b10f71c

SHA1
e7ae11e882f5057f4d278af31232db82109b9f34

SHA256
a7304d91d1817df989b6757a946d3b1ea632a5ad84ae2b54076247f92be28655

SHA512
8e47a2bcf149c001a4010f1aeaeff8df8efe413c017d3332d7d33846bb0ce3e558da26db0a96739ae55177735b3dd58ef5c2c533fd6c266defc7e1cf111c5487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb6e0b749c0258f2c0e865ca04da0bed

SHA1
a1d5689b8e21c3a3912ea5f1a0fe3ec3c0732dbe

SHA256
32f3222c9a35c07695b0246bb50ddbf47ff236cf45b62260b4f93746b42f626b

SHA512
622bf0fbdfda5776f0220151b01a6c78e43cdbd839855fdd00622f71272326e4d1624732823dc7e1c748c4331e3b372d2456a9035cc61be17be5899432fc7f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1ee2cee3291c00cc5e66aeba75c8537

SHA1
5d341aafd77a04a33a3fd84da27767de71f88518

SHA256
96d435f114324782058ab5eb6337ef8a80aa107b00dde01620b9c952b9336597

SHA512
3dd4f32fd93c91f23e112d0b9f2cd3c94f28dda7383285f28b89c5bd649c12a1fac3e457bdb40d5a9456e5da80e6e463a71b673639e2135fab44c09c2d876ba9

Download Submit