3713ce7fb304a3b1157f7b703e2693f1f1872fa9cdc4f2222b235d09a2070019

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 10:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5ea0d782250055893dc312c53ecfa281_JaffaCakes118.html
Size

173KB
MD5

5ea0d782250055893dc312c53ecfa281
SHA1

a45955a6f014fb0cb6d753e4dbf9acf545250c17
SHA256

3713ce7fb304a3b1157f7b703e2693f1f1872fa9cdc4f2222b235d09a2070019
SHA512

309b4dd9e550450655ab8779408463f177f028b1a615e0c0b5b71b6d299115104bb3efe2de04215113a2432284e06562faa0bbeb85fd836ea03519dbedc7cf76
SSDEEP

3072:2BD1yZ7z1WsrrjBFHRCBjwCbgBG9lE/sMfrmBRktjucxmUqNbrZSGD:nsHSI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
4124	msedge.exe
4124	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 3944	4124	msedge.exe	83
PID 4124 wrote to memory of 3944	4124	msedge.exe	83
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 2284	4124	msedge.exe	85
PID 4124 wrote to memory of 3012	4124	msedge.exe	86
PID 4124 wrote to memory of 3012	4124	msedge.exe	86
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87
PID 4124 wrote to memory of 3492	4124	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5ea0d782250055893dc312c53ecfa281_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcab8046f8,0x7ffcab804708,0x7ffcab804718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7106755459239572149,2765718855557885346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6211366b-c5c8-4a93-a236-417c36b28f97.tmp

Filesize
5KB

MD5
ca1f95bac8b4fa6164b1c239530ebf68

SHA1
2f4c16336b9b09a42606d3fc29ed1f6cf27331ba

SHA256
b7fb30d214aa8df15af485334ead09f279d19b700b169d29ba26fb637413645f

SHA512
058f6ee257fddca4b1d9ed09352d6226906cff93c4f0c323c51e4d657767303d5ed419aadb525bb0524def1192f68c85d55f9366214c8a6c7ed5e09c7f270e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e338a3e0e1f3e31db4c7cf9a21f2cfb4

SHA1
402ad83797dc4b3628ef4a8bba0dd04049638753

SHA256
0dd90913320f604560fddaaeb1d2d895e530d1b11b2afb4733e1560d993e4a16

SHA512
5774d0ead2a760dfa2fa0de53638effa64f54055a38a215d8113324e08c1fc928aa22ef6d9dfffe997cf3f46c987cc252f96e8890967bd70ec96590dedab650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
9226c32ce96626f0ac6f879796a91469

SHA1
ce94c022b0acd80f3cc4a50dd4c53f36a4d8d205

SHA256
0ccfa8732ac9f4b23e49ee18393b414236a8e51f54b05094607835ce5d4c014f

SHA512
1156f69cc612606c908a04c0d647deae30bcc5e17c415a18521caadfc76e88669e323ca19747318c21bed712c532d4b7aefe4bcf9ae204fd92e0a18de9126826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2507773287be9b93a1dabcd5044ca8f3

SHA1
63c8117f38dff032ea94312d51b1650dc05b1ce3

SHA256
240433538ba065c96c3a3e6065c2a5bebbe54fbc1e2df25e3e8950b529348477

SHA512
418c94f3d1683e1573ee16385c19c0e4ad1ec2e2262581b7aded919aba6aedb767dd6c668912af939b2d338252114a7250fe13544e32978c6e0fef643d54f6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ba92ddbb71988219f633fd8e364158f

SHA1
f4c34ed60c372f46be32955bc1b63a6d202915a8

SHA256
bbd1556e5ab8fefa24fdaaac7eabc0c553776febf0c9dff55433fe34c8da4aa0

SHA512
db3848128ab09e68fea5116b0c109325e144ce9fbbf2c709e98436bf095115eaf69b1c691af478b4b4e23fc53077f57eb44622d208726118ca1bd5eabf19a1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7fae5f6dc0dc54196c959287aed721d

SHA1
8199a5de669bfdd92e07d96c005d3503c3674ce3

SHA256
504ea2ecff418e33c9be9a8adf01de7aca3258897b328df9f38029ae0b0516af

SHA512
ef3642f27151fea40248c68e14596e586e3a6733b2907765c9cf7f6ab17be732b3170e241e31a09f5eca584c30abca82b8606ffb25081134d084172268c884d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
6511ffd266f6f302afaf3e6a2036f678

SHA1
f3c12f6ffc5540e4bb596a9840598f209c998334

SHA256
b7362a8ab4248700a0e6dc6a31e8424ab62236dba92a26fd5816f2b9f5d1d13d

SHA512
c871bb185a6467327dc7712353a402717d275ded6ce85466930f913abb551184a490bd3d5b325afca462ceab27300bb45ada1f0cb6e9ce27afb2b6287f1f7b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c033.TMP

Filesize
537B

MD5
9f24ede8c740118ee2f1f061ba458a12

SHA1
37d5bb8c25a7c7a2a250ad1c39acf631ed5dfe1e

SHA256
27d6f19f29d45815e2a9fe46ab91fbc7fca94391239d45c4c7021226fb778dc9

SHA512
c8ee1bc599c2c41c6279e08d37832647bd8da9f4338229b45b6518a8c44b1f70e870acbbc2672f4d579f12227d78a8417d2627c5df876f41ea773f121857ebfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
205c131ce4a97eaed60cc25afe2543d1

SHA1
1027c5138dbaada2278cf9bb62859a3d977e8c1e

SHA256
84b46fe9923397d267d7db6ddd9c52fd010614f040ed0a4a404cbb9263a580a1

SHA512
07a0e9021c59261ed62fcd289cab192e81db06f01403a5cecc034b348c1cf1c009cd5462e639ff86a70267baa170175746c454fad478b3a44423fe9d8ce5de3e

Download Submit