1a15c0bbee91ec08526baac0ad859c4a09615f70d8ad45a9ade2b78abe29db52

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 12:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

793406068823f8cd6235d687640dfd09_JaffaCakes118.html
Size

202KB
MD5

793406068823f8cd6235d687640dfd09
SHA1

a6a2b5b46804739bcec5d76da21a384c381af867
SHA256

1a15c0bbee91ec08526baac0ad859c4a09615f70d8ad45a9ade2b78abe29db52
SHA512

bd59827442bc538c0daf55b6263b3d8d9247560eab5a7db7caa52f3df3126480db0ad2f82342d1b4d1dca76d53a3190987e8954b2566e23fc4725dc495d26f3b
SSDEEP

6144:/Ptjm9cYUSUlTl9t2g4ojnNzvzHCaQc4V:ntjm9cYBsl9t2g4ojnNzvzHCaQc4V

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4316	msedge.exe
4316	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 2052	4316	msedge.exe	83
PID 4316 wrote to memory of 2052	4316	msedge.exe	83
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 1128	4316	msedge.exe	84
PID 4316 wrote to memory of 4828	4316	msedge.exe	85
PID 4316 wrote to memory of 4828	4316	msedge.exe	85
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86
PID 4316 wrote to memory of 2532	4316	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\793406068823f8cd6235d687640dfd09_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc9c46f8,0x7ff9cc9c4708,0x7ff9cc9c4718
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3509593507417892421,5322427871861930924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9ee67e5e-2e37-43da-9377-96549a725c6f.tmp

Filesize
11KB

MD5
f9b1cc0555fb25c3f639fcc53334870e

SHA1
6e4adf536f638d9ec5291b6394ff72932d9e97e5

SHA256
c0e4b56d99b0c2871de0cd033dc309a76d13d0020c041e5a50af23a73e423909

SHA512
0d9331cb4bfd0f973bb34646c7412cc9eab151105b7a007941007b1dadc99445801988d0334ab7003760ac6ee3ba0bcd476693b57c9a2a645ae6d9b16a787756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
408B

MD5
290f3a316e568f9f7b9e46af880c6181

SHA1
e202943b12a6c3ef0fb50f1de44d4229f5a611f5

SHA256
23f10cf5969cab0ec3ace6ebc2e06916de7520886b3c228553f312925c263dd0

SHA512
5dc8a97ded08ad6e94130e03a11eb54b85dc6c2f2adc093147a835a9bf31e1a1cf520cee78693048349f63d5d1c2dc35b3f46512f33fd100c8a8cd45498bfbac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71e70039a6aea7f205d061d1816d0508

SHA1
b6be42c2be7d9c704c2964f1db6643da8de7f1a0

SHA256
aa72cc32497487c43cd6212b2ba870ea0d4a080b0d022ea320b922e250b0f604

SHA512
87a2765594ff9953544f7cc4ad2bf965d1faff6cc8130968d99b5f44adc06484e06f00c0a46a99da112e6fe8aec5f99c81f7293a06fa1f3491a29fc01272d735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99c3b3ae5add9a251e23230f7e467b2b

SHA1
75d83d9b66f8cd9e7ff20397d4c43b5deeae1fcb

SHA256
9dd8623ed36fe872ded9f8b720671485d3c1cc394a3bd531de3d4244882fcde3

SHA512
fd5b93059a0d5c0fb6bca03367d0302b47d04f268b5c62d46c6d330293288f171f4986090fa89b46f802010ec29a41334d359fec07d2062864d8fecb4db293fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b98b84b625713f05d4e456ce0b077db

SHA1
c7ede5a8a03b816401fbec71a73b57d813c2c539

SHA256
93a95cb03784ef3755bda3947c300ae9b42f149b5672db14251a911497b4a488

SHA512
e5a0ddd3ec0d4a9e3d1004ddd39cffd21919a3ece0280322ae6f149ff799dde03c3b9c32db5172cd871ee3c854b375b6676e9e25f163ab8139982e9952617de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4150f82476aaae44f969b56d42a3aecf

SHA1
1d1843f2f294384713e108939e71e4ec81d6a8ca

SHA256
06bf02b2ba4f98b39b6e4fec886224e5cf82b7a1f29dbcb6e9312c363b44abce

SHA512
3c415c84309e879c2541698e08e062758b59aa481fc56fb349451f907454c6c5efe8da78cd5e1b34ed8c4aca337c0cc1bef9e98ded7cf66064c7fdb4f48ed0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581ab7.TMP

Filesize
1KB

MD5
4723eaa59b77681de4dd0c81dbaea89e

SHA1
edf20e8ea1b74c91e53eada6b321c9d7af56186a

SHA256
6a27e448b22b2af36fdf08652811014ead0848556cc670c775dbfadb144092f7

SHA512
73f0756e1665e8e5f37e8655acf30861ea00814eabb3b506f2a2ca3c422bf5fed956c230550d88c53642c7a13f1ca8abef32d21baec4a40af02bc7f47980c8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit