ee0846f58ca0f3f6055ac0e7d48cc1a93b5421b801356f56672861b57464931b

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a0063f59d308b56c9ab2453caed927e_JaffaCakes118.html
Size

19KB
MD5

7a0063f59d308b56c9ab2453caed927e
SHA1

3c8bd7b33d6897e5169241da0fc212a9725a9c87
SHA256

ee0846f58ca0f3f6055ac0e7d48cc1a93b5421b801356f56672861b57464931b
SHA512

d1a1de124ff8d0405e0ffed6f88ecfc04252455f92f989b8304cfd067cd53c4b34e697dec1652a33afbb70bdc02c505b31bf5e037d2856df5d361410c5b11020
SSDEEP

384:UUNC7FDgs0kweUUeqUhUsUXUKUUUrMKUrGiUwKUjUlUZo6QTBM3BMcBM3BMABMrp:US4y5Ajv0MzJKeuyeC3CcC3CACrC4cFI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3636	msedge.exe
3636	msedge.exe
3564	identity_helper.exe
3564	identity_helper.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 3644	3636	msedge.exe	81
PID 3636 wrote to memory of 3644	3636	msedge.exe	81
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3340	3636	msedge.exe	82
PID 3636 wrote to memory of 3220	3636	msedge.exe	83
PID 3636 wrote to memory of 3220	3636	msedge.exe	83
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84
PID 3636 wrote to memory of 4908	3636	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a0063f59d308b56c9ab2453caed927e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,11677392428404111849,17247199726102636324,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
151e0e0eacd464d927f9b4732f7c06f6

SHA1
907f5036b6a36e2b3fb59505e13233f1dcf3c380

SHA256
9b47b087a4563b0b5a15640aa7e268a5a2832af3a3714f146fb24612c267fea2

SHA512
3b2305de5cf66ee8f4cf232aaae0a21cc1cc94721468a5c5abaec978855a2707c3e00e4d1fb7ba88e39b546558ee75153473e5c3b6d456ef32827e98f3fbedb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
673B

MD5
aae019e60beebb87c70524ccd94874a9

SHA1
771ad02f21088e970271e891ae3ff7d7b90d251d

SHA256
758820d0ec58c669aed8d11235839e4abcf8e23ec8dcc409b4d4da388e4b7c6e

SHA512
b5ca7a64ffcff33c8f97bbc399ea393718c98a7cb92366644f3636e684305654e3c72ca9cda09682662a553fcc09b65e853552759765d80e1db27a7e30ea6345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89968d890460afe469d262c6e9d6e07d

SHA1
bdebcd824d454930a3462b2cc27b5858b4e53809

SHA256
e45d2c2ab8ff3af37c27ee5fb7b5d0065250d0e308f2c415a83384e95e1fc555

SHA512
03867c46181818be591b491afb766d4b42394c0ab0156834353e142cba2771a2800fda490f2060bfb494cf95b4ff6fe3101571132fd1a8134f4b0dbb66dda323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fdd2f71ac8081d5e1104d84348ab3bd

SHA1
7a05842d8bea221eb10b0b5087724a0c279a2f41

SHA256
5c667cb94017733dec39a53ea6e1ff3c4413d75376ac183eeee3463d6de5c00b

SHA512
7024d2b6d6e18b353b2898dc29cc0f77a6c2f3c92201c9b444aee1669b7018152b8b316b05fa4084a26ce85756116aac25abd9576eda8fbd5d709b75c74ca21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79dade35ff9804d57d42b2584b37d09d

SHA1
c8c7ba2e76e914a7d26a9127ac5cff1f19cf1a7b

SHA256
4c7dfb8b25c21c37e36e83dd8ad8cc6583afd1d123515b63a8990fd98bd6d7da

SHA512
25b47823abff267a9dcba08c831a05fb1d516b3cadb9271d24168e81fc4a8623f2b4baa8372fd932d8bb07904956a327f803ec17ac84e8629652f2787b0d5feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76827c68ef9810b55a25668922ea31a0

SHA1
aa5363e2b818ebbfe7f9cceee56d4276bcff6558

SHA256
15a8139763d616ca49f9bbe0a16d86dfd1e2064d9f5576cdcd1b30e6f0a52d14

SHA512
4fc33f78364f9fd50b5cfa4937ad74a119af18bc06a3f43e3436808f799c8e6313598a848809b56f48ab3c18cdda93f1d7cf88cac11ccc9cbb65a38bc8f77727

Download Submit