0a056c4ae0b8e83beafe0c60739c09456e1130506bb3b162b19c2023628ce544

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 20:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b82c2b245c31d02af69608edce1fd58_JaffaCakes118.html
Size

32KB
MD5

2b82c2b245c31d02af69608edce1fd58
SHA1

c9b029185a897e4488e2ce1f5946a5e71be741c3
SHA256

0a056c4ae0b8e83beafe0c60739c09456e1130506bb3b162b19c2023628ce544
SHA512

b2a59b5b4ec2428056ff11e553dc5b9f87d2c53865362ed25bb6f005e517d3af64f839602da9918b3fa25472c604a2bac51b10a2adfcfca2b617a5cb83c7dbbd
SSDEEP

384:SROjl5b3XPqaqqwzAxXf5GJwziIgt8xXf9R+fVVVXVCVHVtVkX/3SbtUwLg0001g:SRkb3Xibuxpy/iRLi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2944	msedge.exe
2944	msedge.exe
1440	msedge.exe
1440	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 3788	1440	msedge.exe	81
PID 1440 wrote to memory of 3788	1440	msedge.exe	81
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 4916	1440	msedge.exe	82
PID 1440 wrote to memory of 2944	1440	msedge.exe	83
PID 1440 wrote to memory of 2944	1440	msedge.exe	83
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84
PID 1440 wrote to memory of 2300	1440	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2b82c2b245c31d02af69608edce1fd58_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10258639459357203649,2140802968974322228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
70099a7c71d4cdf2e055a61f54d8c2e6

SHA1
093b3606c5d9ae0998fc238f682a7320ccbb1d96

SHA256
751dbe5e6cf0e293b91a64d99826fb6c7009e69d360ca9d06096f1d7fcc0fa42

SHA512
c0d177c51bc1dd1d5310e0aa58016e8de350e6c6aef29290f5786d65a3a65414f74e845c5028ccc5a649e72a62eea41c7e1e19209293890047e234a3420df8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
691B

MD5
9474b11963194cf9dba8eaf1a14346d3

SHA1
818384cb03030925e0aeb12af7b303a798f306f9

SHA256
3ad3ebc1bfbc2802a23ee9968e2481a6368c9a9cea0505ff60d33e026731ba23

SHA512
6c9e2a38c6b7620445092c2bb2d0a37b50fa9a0570a6f423de0f71853a0b22d5cdb7d861eeb2ed359ce5930696a8ddda6c1d813c4f99193fbcf816988238c833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7eefa6b09931682fa36ca4b5181e20f1

SHA1
50aab441d5760e5db2e8b1cae8531a36c9107b69

SHA256
a063b699d896aac53ba712b63ce8ce4d23ab48b66d1876975bcb91bb5e114555

SHA512
806eb2625adbca847efda219d2453efb2450035824b75e6b17ff19df4bbe596cbe92a4e40151caa10dab89de073116d39b0f33ed2516e51fab6b9622c11a655a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64a560061fa4cde4cfc7300376cae38e

SHA1
d89630f81b7529493ca9c33e3ac1d13cba982f00

SHA256
43750f33855b8962a9aab37f5488fb62d2892c51efa3d3bec18408681f2b578a

SHA512
f6094215445d76951d630b5ae4b817178800503cb791380c49487f0b7a542a51fa11ebed162b25fbfbc05935413a5115ca596d67b57da3d37a9da89b0900c997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c594fb0b78a81d6da81707e9a3f7a3a

SHA1
1e38ab4415dc61a4077c3279467eb9561e5719b6

SHA256
6d5bdd4f0f075f78ab98c88513d8a4d0acf9b08de567111e6637478bc3c40db9

SHA512
38d2b37e9a7cab00ce02d417ad43e53c7c7bc7a70f7bd41355ee3d8db46f27c4c65f61a9304d691614a3b86a9de97f340d50bd7fb8e53d86f22e0b542729ab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c28190f2dc15d6502b2ee71245f80b7f

SHA1
d41e9310177ef445f5142d426caa47c35c0a7f6a

SHA256
d4de0cfaa6d04e6b954816f0c4035c2dff7dee77e942a50644bfb801b3e95b29

SHA512
f9aa9f875c339163f01fd4af61594db88136563a52fd9835d55fd2cc6c33ad21b5219fa0885a5b071843327dbcf7ee6ff7ae4ca5b08ec30ee2e0d1450714d5df

Download Submit