067e83b823c3d7eb4863f653dde2c67a7a497b4ca024acb650e31a94e9d080a5

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92735120bc342c6c5aebe012a3c5a637_JaffaCakes118.html
Size

57KB
MD5

92735120bc342c6c5aebe012a3c5a637
SHA1

df1e0f8ddb70560ddfe7c64561f4689a0d6e8ba7
SHA256

067e83b823c3d7eb4863f653dde2c67a7a497b4ca024acb650e31a94e9d080a5
SHA512

bdcd6ef169f3a9d3516c51f2d6a059713fe87c2bbeddc9e42d038d1ce976f607992ee620fa875d52d611088d5fca50aaf94f15cc2ed7daf7086a358c34771f3b
SSDEEP

1536:jXSQnRfatgQX/BrguxWDzlT+ABOGdbbz30IlC3RCsWR37aX:7Skf7a/EzhlCu37aX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
4940	msedge.exe
4940	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 1056	4940	msedge.exe	81
PID 4940 wrote to memory of 1056	4940	msedge.exe	81
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1936	4940	msedge.exe	82
PID 4940 wrote to memory of 1200	4940	msedge.exe	83
PID 4940 wrote to memory of 1200	4940	msedge.exe	83
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84
PID 4940 wrote to memory of 2572	4940	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92735120bc342c6c5aebe012a3c5a637_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96de446f8,0x7ff96de44708,0x7ff96de44718
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16450802542407570638,17375882011128334929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x4e4
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1669380b-f61f-4c53-b217-39d81c097e1d.tmp

Filesize
10KB

MD5
c882360e7d2f5311730991a8189c10a1

SHA1
84b2e7eb3ffb863d1955e49319836ec5df53445c

SHA256
403665664072b6fc40931e16bab94d382be0be42398ac4f7dbdf10cbdce65cd5

SHA512
bff9eede10af411e91fb02af2680c004b46285768a3d1786a60671ba68e5f54c53280beecd62f243c77dc374d5f61e06254bdee81935126cbabbbb47e4ac9153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
267d656e0e5e37cb5e88c6acab524550

SHA1
eea2734442e1e963e04bf27e0395fca7430f7af0

SHA256
ee6dc3985bfabde43f46b8c4b88893096412f40b67c9a7b045090e4243266a7e

SHA512
ecf38d39a741a5c95162f52ede371fc13994f16c4cbd2727a804460a73a964ed5f61487685ec90dbaafba8f080ddcde16827c0895ce7c58df028c927e9aadd16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
424f49019ee27deeca02d9f12bb2df34

SHA1
c0df40e80a7805aa8cf3d757f6ca4856db2cc003

SHA256
548613b8ae82dbc53ae915cdb7221b6e2863ff00d9bedeedba43c03fc4096420

SHA512
d9cfb0b59974914a36fcf7db1656116736f81488ed7fc98e9af36ec0c39a4770327b86052a0e6beebc4b9cb51acd3e1a0c535e510b6850957e1829aa59ae5994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f549245553430ed47a0d4e877e152d1a

SHA1
ca240886268fe1e2cb36bb2dfba233cbf7330f5e

SHA256
6e9759d1eb6fad05b27d331b369708ef3b99c3dc1ed6461a2b5cde5976464453

SHA512
d9738216e941187b8ef5f9231ff99d1eed41073722906cdaadc5b1e20abcd9ca71f11776d4290650170cd29fd31db73837c593c71e03a79b23983693a64c18c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a887d5a90db8a8e0e7e64ec7fe0d74e

SHA1
9e568aea6a895832837de083ccffdc658bcd1f5e

SHA256
6843b5a6e6181262e0e16454237fc1b895867b3976b94d8497d2656ddec2f825

SHA512
f36819e5960bf7305cddee4aad30306638ae38aa974141c5948236dadd932462be34c156cbac21afaf3d103b66ecffd8487c93c6f80d4386eec2fabd43024e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
361dd980d2cfdc0922f0ea1dff42ab21

SHA1
699a4c25b9d95a9b8919aafd5896ad8f5da72e24

SHA256
b0323380b1c44f232861d5bb6d358fa4e9cb048dadaaf12c2a106a4f4e22db04

SHA512
f84a5bb101e25388e25701c5deff28863a4232ff548564c43021a7887ce4e6a1201022e943f2ba82b0694e2aa0c50420e6ea9310e04eb4dc632122c90df8b285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit