c4eedbe91f357d4e9974ca1fd60db55e67fa03d63731c3ac890781f23d92dedf

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a394cb61de369c22f51e47df5d9092c3_JaffaCakes118.html
Size

45KB
MD5

a394cb61de369c22f51e47df5d9092c3
SHA1

5c368ed32ffec78a543dcebfa996ef739332541b
SHA256

c4eedbe91f357d4e9974ca1fd60db55e67fa03d63731c3ac890781f23d92dedf
SHA512

c2875574ca1c6fe67cb1dd061153198c34e25a35c3472b435d17214d6b1175401e16922540494f696501106be21cc941f61a6c1e1987e5275be55300aad806ef
SSDEEP

192:wd3vv0sQ0kkiQP52VHEdqI49A/hmtcaraqgfJG1JIPSCz20ajqR7dTztVwJBm9AK:wd3vMikBEdqI49A/hmtcarauERhl5KJK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
2700	msedge.exe
2700	msedge.exe
2992	identity_helper.exe
2992	identity_helper.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2380	2700	msedge.exe	84
PID 2700 wrote to memory of 2380	2700	msedge.exe	84
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 3484	2700	msedge.exe	85
PID 2700 wrote to memory of 4112	2700	msedge.exe	86
PID 2700 wrote to memory of 4112	2700	msedge.exe	86
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87
PID 2700 wrote to memory of 4856	2700	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a394cb61de369c22f51e47df5d9092c3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9253634222567605289,5905111419680615782,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b03f728-70f5-4351-a9be-7b842d612392.tmp

Filesize
6KB

MD5
cf462a481bd7cdb01a745c7d77b294e5

SHA1
0633439bd6a7305fe5fb745f0d3fa1a82735496c

SHA256
5b4b2b194566fab7dd84d10d9b336633b2fd21ac6667190e3400e26a6e5053d1

SHA512
2dda53992277f0b33d88653290ab553664b33641dafc1224cce8f470f871648d53c8988b1772169904fda2e6d29d642cd1bb2172e640de1c13b48de83c9bb820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
3ebf75f099707ec9c755dab25df8c603

SHA1
140fda6a38a5e60c6d3d65d69802a1d6c08eb418

SHA256
15378d40549d9924643750518954bdf970bb2976344db698f34777e33079346b

SHA512
915e4ffe8dd3790d619da8da40d9662ff4a6d0e016267b4c5c3afb988c0794d2d6a53f23b1304536e1eba9e825baa72012c2bc6338ef586fafbc7c16debc80a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
714B

MD5
371d55ed93dd0827b2e343019d11c5e7

SHA1
7011f307da1f777860bad5d09461f921aa7bbef2

SHA256
167e4cbcac65f745879c17919b73c0294013f25b1114f76b4b57a59c47cdae91

SHA512
469a34e406c4932f8cc571b9cdb9fb13c06e6bba10ba410e1fb262c965906fd4c8ea48eea842fa57b7e63a95860cbba0e5bd86cb37aba9e305fa9084264cd99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c41d486530fa94c59fde1e2ea9f355c7

SHA1
b8c8e881d0b1b5664448519a8444d9abd19db0fd

SHA256
13c5999f3dcc3f71acef068918f4a5206482ccf46949fa3914874e83cf2611a3

SHA512
ceee7ac20efb60be4de1756e4e232f1fce74bd2bde25d2791cd4d625f23d7adf1e7d984c9cdab8eda652b12d1c1528f84eb5eb9a66a4cd2de82b5eefa8ec60bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
aa798297e34ced250d82a5171261d115

SHA1
49d79bd3390cd7ffc55904f33846ca960602b75b

SHA256
43098f62f36db720aed733df59f4d1eccc16fe679a52955ab77c0ed393bb1e37

SHA512
e7f957c508ae32cc9a6a1d110c451edd1b736aeaddd47ebd4f01b90f71d37b84a61ea24a7381e51f0f9dab3074fce61514381d1ee9077eff0035bcb9e9b6daf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a364.TMP

Filesize
372B

MD5
c927e21401e1cbf93faf42e0ea341111

SHA1
abbe9bdf942311aeb70cdad0f94adad0d03b56b6

SHA256
d789f5a43a0ad97fe53dcd868ac8e17d5e024eceaa075c435994249b246b76db

SHA512
df7095afa4a0c2de0411cc633f2756299b202c40db3649c771dc98240169abfbd339603070ac0f056a3c3f134a1dc34e6aec5ebbc9ba22d38f22c32f1348b165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2959ad030c2216713c21995f9f1547d

SHA1
e00106715f98628fdb304ec5c0b44703e0059192

SHA256
79f74a00f73a8b4475b48b030ede99a9cdd74b3328cf852ea7ab2b263f6ceb29

SHA512
2ba0761bca4afef3e42b65be6bd19d37dc0c942faa489661309fcbcd3c653c2140861ea1b31dca39d2149abf28d543c68b15746081ad2dedec4effec4c6d0436

Download Submit