a485860bdbdfc2157b0f436bbc6df5590f28446a406bcdd5bba702a34843512d

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html
Size

42KB
MD5

7b15e2dbe56a30803a53b659bc428f13
SHA1

bc7a7a79711ffa4193efbbab201da521288c99c2
SHA256

a485860bdbdfc2157b0f436bbc6df5590f28446a406bcdd5bba702a34843512d
SHA512

ac6330540d73410ddd0a19621792ff180e9f6d1d8d365adfc4cc260aa7181f70785deb0743dc847d9e53b554cd39543441804d602b81fd5632c736f3269e13bd
SSDEEP

768:SgpwV9+9+i5+zlbBewBiEl3EiGS2ggDfiG1aZA513I2bITrgMS1eWKrqCg:SgpwV91McGwBiEl3EiGS2ggDfiG1aZAL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
776	msedge.exe
776	msedge.exe
2184	msedge.exe
2184	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2272	2184	msedge.exe	85
PID 2184 wrote to memory of 2272	2184	msedge.exe	85
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 2524	2184	msedge.exe	86
PID 2184 wrote to memory of 776	2184	msedge.exe	87
PID 2184 wrote to memory of 776	2184	msedge.exe	87
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88
PID 2184 wrote to memory of 4892	2184	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
261B

MD5
ea57c6792703b5f542f0ea0a741cc425

SHA1
3ca7af8a028966f859838d6807daa0ce821f7dcb

SHA256
469e7f3d9d061c7e55710ce83faa8057cbf6c918b2a131865198645ca4981a22

SHA512
43434c90ff163c2c0f51372cadee91ce469c3d8f3bff0dd25231e4974665cf4c67fe78ac5301252b203f459d9dfffcd24f6b2e90c72023fd9cce89bd8d58adfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa2377892ab2dad20f21a609d5f9600e

SHA1
1e56ca3ab9f6fdf19f8b5f877ceffedb32755b80

SHA256
be586a77ac2c3a9e6dfba7f478bd1fc6e1f06d183ca13fa79a1f4a3172336a91

SHA512
823d01857df7905a0e013ca797ddf8de4a03324e56845709582fc39196fc83acc1ea44dc4044eb385ea0f4c6efc75d0ef4ab4552bc876849972bbf3efb328e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc59d1d218c404f2b614b1302e7ec262

SHA1
6746206dc25d6c28191f33781d5d19df3dbeb7e4

SHA256
4203d74e471e92782ccc30084c5461aa09467a12807f948a4f86907efb3b0098

SHA512
40bcb15819b19352ca19504ffcb45a3fd4d8c03af9ad09ba7ea99d1b5f61933ff5db617c60502c4891733594a7ad246ffb3bd57dbd666b46ff6e014b340547fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
415c58c6a037b22ced94109c94858dfd

SHA1
19b4ab396f4a051eb99de037eaf388f1059260b6

SHA256
99470f2a8d2db1eefa1bbe3abc9a159c35de4fa6c10e7b5419d33b989c3beac4

SHA512
7a83979f95b6818bb48d9a3caba0e2d5fb8df9572339c029e7ebe98702de4c825d39f89115448fbb3cf5e09108cc1e5d163d935bc79065b17b02dae71edda505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
ff2072e21e5c35c3955546daa771d3fb

SHA1
61c920ea7e02267988d762de671f77903988329b

SHA256
59939de3e86f142e9b305ace0154a6772cc3b47d087338e0ff0931e7eefdcc2c

SHA512
fb331621ff3aff465e95438f592983a8a1ca02e65ed0b7dbd87696563a142cfc6a7a3abeabea3e5351cb13596a33d57cddf70de31aa96fe998ba9e6f4c4818ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c9f7.TMP

Filesize
203B

MD5
aa84d0731aee301ed02134de8ac2b5f1

SHA1
3fd2a0b4ac6f4f311051a503b936f01091bc22da

SHA256
bdfed30c0f00bef487088ee47b85bd13e6e02b056c3e4bc15f4d6d266831c4e6

SHA512
0875cb18eecff8fe72921a044f55d67839a71e02f5605da9e385e47067a8038370e324f6df5a4fbe70add1e399b6e40474b22c1e3780ef3f6a2bcad204cf6b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61e5a8e8b96f19fc5bd596fc54e38149

SHA1
2f3b9ba24a5c64031324e75edea610bf70579e24

SHA256
58a2b89e28657033567ebed0cb5bb56d361bf85d51492ab7c3902e69ecfa566f

SHA512
ea15cc72920da639609e742ba852e45cb1ab4f0d3bffb56c3631abf5148eb07e5d75b3a1fe6518190b229b98a4b61a61a2d50e778adeeb00e32190fc1415d233

Download Submit