c7b00b80b8d81a8a5be3252942e14e190f00ead1bce45403871dd73061ad8c54

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 02:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

187059cd9cd21f24bc8d749e165841d9_JaffaCakes118.html
Size

90KB
MD5

187059cd9cd21f24bc8d749e165841d9
SHA1

02970890c25e9f6afe3c4ff4c37342fd762cd061
SHA256

c7b00b80b8d81a8a5be3252942e14e190f00ead1bce45403871dd73061ad8c54
SHA512

0e21f21ef2ecb2a5e4b58690a78e068662ccd176aed5564eda9c897e40103e8fd337d86e7fa214dc4d60edc56083218e80e441578d0055c9c5cd4fdf3ea91255
SSDEEP

1536:eRElZqpFx0gltDH/f4WTyu0LyQzCkmdFoX9yorySQ4iebGuOt/fzYoOGLtumMPHG:faJfAuDN8b2sH1Pks23

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
3116	msedge.exe
3116	msedge.exe
880	identity_helper.exe
880	identity_helper.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 3004	3116	msedge.exe	82
PID 3116 wrote to memory of 3004	3116	msedge.exe	82
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 760	3116	msedge.exe	83
PID 3116 wrote to memory of 1564	3116	msedge.exe	84
PID 3116 wrote to memory of 1564	3116	msedge.exe	84
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85
PID 3116 wrote to memory of 3132	3116	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\187059cd9cd21f24bc8d749e165841d9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefebc46f8,0x7ffefebc4708,0x7ffefebc4718
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8385296650100097570,4012616110181960954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ec81e658405a03a90b1d3b7cecc40e47

SHA1
e576f8a50e4cae5f446ab0735c3e26cf7fa23a0e

SHA256
3aff5c42e05da1050f7046674f2f0e480edc545ea04eae76ae5ba5db7c53518e

SHA512
dc9e804b391a1ec22f0fd59fbb9afe0d7ec3aa3c684384cfc748ca7dce7cb3d6a4c9c9cb8df8845f0b9dccda620026a91b79250afd02cef62b251ac533ab4556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
59b36ec4842e89acae69ac61e31ff317

SHA1
c0eb1ee3a507137264ba97de43200338fbd4bf25

SHA256
5e1c04d3527ec4a213f97bbb3ec758565ea0c593fedf01c83560487c74b9abe2

SHA512
7eacc68ae3e896e8839b5cf5a9b1db6302bd22274f61ad7d42b0e0fcaeecb4449391a6d3e285a3432b726d79b479e507679dd40e8e8dd12714dc76bb6561c3f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b219f708600a6234bcce3c309031ea33

SHA1
e1319d8491c8e90cf987c3eaff3eab47fa2cd6d4

SHA256
b6439e6ccdac1d7a93e8c997249abbb6229bd99306ba1601b22366ecf962a6bd

SHA512
b1e30ff5b0860d7bf7b98c445d1e9f9c16c464cb8a3ca0c3b25bc42257c40d6f771b0ad8e21bb4a3a237fbb601b569098e47c9d5bc593dbe1904beebc23db2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bd39157ca7e10f6c549e450e2c80179

SHA1
8b4ca03ddea8ab8a28fafa187c1438108735cffe

SHA256
521c76401f610e6f2533bb6bfdc05786fb0d93e7022b22d97fd568029bd141cc

SHA512
f9a500dbdd5139031c2b71b730c7834a144f9c1b0aaee8b7c63252189b3120ac95f343c81cade7ef59b8cfb7842cf0cddb93ce8157eba01343e7a94df184189c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f5466d38d1364c8b972d36e8dbf905f2

SHA1
3fe0e82769c984e0bbe7c4c2a0f4543f07e8c465

SHA256
0c9392cd3267be950f34d644afd83b02116e877c26546a1abcc63e1547db785f

SHA512
985ca464d3a13d1499f9d888f27ab199820fcc475ea71c4bcb1558cfbba741fd3afec7433c21009879fd16070351f9482505bcddfa9a91f3285caadfb4b43a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
479b06db5ca9f4df9c4466ef3378c4ac

SHA1
84cd24e1155daa6f6aaa279ef459e07bcc280a89

SHA256
0c7813968f6091fd1a9bee686818fd83f516faa220e7cf413e2be618aab2ebc2

SHA512
00f5057f1763eb76c7efcf7178b809cfb5122761387512f7ba2da691fb3b72f566cdee38b080c4db00c6727f1d4c4f3ee5217bf202cb55c9da942e59a2a9957e

Download Submit