aaf0aaf4b9b26599c9e7e6a87f18a0f9d38cc5aebdc8501084831f20f8391918

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f041b294b1f077b8d4e6d369b48a5f42_JaffaCakes118.html
Size

47KB
MD5

f041b294b1f077b8d4e6d369b48a5f42
SHA1

0450df6061d4afd52ac01d8646e0a4ae38756aea
SHA256

aaf0aaf4b9b26599c9e7e6a87f18a0f9d38cc5aebdc8501084831f20f8391918
SHA512

1da80e2d9e4976608f1a678060c5307393c2c7a9fef5a8f4eef579328716060d1883b45afb6f6ad3b528b912ef34fe3fa0e2b77b58972bd63f04104c799193b6
SSDEEP

768:cd52pAcpJKS7SVOf7ETx0zJst/vHyzVqEk1FuOGg/1:652pAcLKS7SVOsx0A/vHyzAEk1FuOGgd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
336	msedge.exe
336	msedge.exe
3076	identity_helper.exe
3076	identity_helper.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 4368	336	msedge.exe	85
PID 336 wrote to memory of 4368	336	msedge.exe	85
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 4876	336	msedge.exe	87
PID 336 wrote to memory of 3432	336	msedge.exe	88
PID 336 wrote to memory of 3432	336	msedge.exe	88
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89
PID 336 wrote to memory of 4728	336	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f041b294b1f077b8d4e6d369b48a5f42_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94e7346f8,0x7ff94e734708,0x7ff94e734718
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1641309350047398761,6929243106360384348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
69daba130f7d47ab1ce4158be0ab949d

SHA1
bf6e60f9327129878370bd52a4ea89ffdc38c312

SHA256
e07bcd45d9c8811c271789c04c65b8c45b02d42f09827bc92eb5872b24a21dca

SHA512
96d2b6d82cfda9b2c858d144611af3855d453581c049e7939f8030f742f28329ff8869b87ccaa329f9bb4b6d55250e0e994bdcddecdcde73488a5d44b8c3b8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f3e6cf09e0da153363035d3bba52affc

SHA1
f054bb5f9dd5ba9f1f45140da51089f977076d46

SHA256
b11b5fac4ff43fcf43158d34018be00a9000a47afb62a41ea4dbaa55499129ee

SHA512
94aba7a89d91e6c7ab04900135aca6168df9cc9e6919d63258b4a90ca219988a5460dfc00c8477e826b25c0b7d426cecb7019e046d220a55363e731b250547ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cbb52f1522468b1d48e44f9944d3446

SHA1
0503afde905bea97f4cf07ce350020ba2084a810

SHA256
f1f7b60d5816f876eb7ff242ab66f8dada88224c3fd6fb504b0b8f4a34bff67c

SHA512
b6b75827469ff3c9934a05ac2caf56ac2f5201fe6b2248d6b80f8482b326236c8a611546d52aa351d455871aebed277a997ad1cf86138c1ab8c7d2d23aab6790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
139980786a3a1cc2817ab59ddc3ff739

SHA1
15b6c681c585de782df69a0ff84e9a53fb381798

SHA256
f91223c7df1e275c7070f5c64cd42c61c80fd64206fb4b066e19c22ee40afa7f

SHA512
5aa598c079f955cbd92ab5c6d7a2cdcf984ea88e59c3d5082622c1080aee896174358a7d583e2a43e85336740eedfbbeda9076caed51f46788df0ce138f845fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e90ac9969148dd51b6c737d967eca7c7

SHA1
39c2b00175db520ead50b7e7b7fa3de8a29dac25

SHA256
d9aab164f5435326b7f2caac76281fdc1452decdc4ca9662c07adb8c4d54e441

SHA512
afaac40f0dc6c56b32de283d92e924fa0d5d9fdfeba5b44ff8274954ec0c8bcf4739d8d171176dd384388dfc53698f6d8b4b3cce1795c133e3890f98c9b01514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b16677f624e9e9fdd718996efd7a375

SHA1
6487661880fbc1f14fcd83173dffbde4f5c8c902

SHA256
092454ec7d40e0ec83d1488056f311527af1fec77f4b3cac67b412084ec74567

SHA512
2c79be1f13249c59b193c700eefc998ba0d0239986241e866d1d3e33560b69e64f51b839c7ea7b69444c3c74ee6310cdfa48dcac780b7b447016822287592e48

Download Submit