5ab5f6eb28ac110c05b2c74c4f0ed0d08fcd638b10af698d4651ffd158a38a48

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3de91d0754e7287a334d085b8e6fc77_JaffaCakes118.html
Size

217KB
MD5

a3de91d0754e7287a334d085b8e6fc77
SHA1

935f3a65967aea7cd48f85ac4f5c1122b2c903d9
SHA256

5ab5f6eb28ac110c05b2c74c4f0ed0d08fcd638b10af698d4651ffd158a38a48
SHA512

f9283ca7aa819b3453089f39594457ac668128cc442f44a085195327fe26b205114df4015cbe43b6b53e240dc99d7efcd5801ae26821452c62878e9a2f8205f0
SSDEEP

3072:aN7OhaJhfDDyWfEY3dE7gjz8S+7FMEATa7gjz8S+7FMEATx4pmbIwDAQQ5ctp:aN7OhaJhfuzFJzFbmbIRlU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
3996	msedge.exe
3996	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 3952	3996	msedge.exe	84
PID 3996 wrote to memory of 3952	3996	msedge.exe	84
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1000	3996	msedge.exe	85
PID 3996 wrote to memory of 1180	3996	msedge.exe	86
PID 3996 wrote to memory of 1180	3996	msedge.exe	86
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87
PID 3996 wrote to memory of 1440	3996	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3de91d0754e7287a334d085b8e6fc77_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd45c46f8,0x7ffbd45c4708,0x7ffbd45c4718
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13490050887970281708,7697714873788531613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c781fc64ac0cab6870eda88e396da675

SHA1
6a5009f7260950de14873c3fc0c35a76f10181d9

SHA256
9355eea5f161df00ab7be2cded4cd7ff8d5abc3e077e8020abdaf8d64ab2f2d8

SHA512
3616f3d5007c173c0f4c8f6fe45def0de66b0748ec9b9cc26d759bbb91a05f58eecf46aea7c760be7942cfd94560fb17e31f98c4c322404107d0b69a59b778a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b646fbc7360d57a5375673069c80d698

SHA1
6f60459b76db26cecececb17de3f2ce8e7810577

SHA256
dfc2b94b97da33148fa27ecfca7ea0c1c365935a7a3fb8d761d66831436b6e26

SHA512
cbca66db15996c2e22cdf5bfa32adc42c0fb1a68db20c267e0291509e9f143c40a1a05a7a4ca2f63b689a50d95c5948b0836393c9626d95a7277d93d849889a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e64a319be4092bd4346fbb133a86d959

SHA1
6ebf4321688eb67d49a9fbeb743fd7b4c5b736f4

SHA256
b2fc6d14f603a5a8fe1308dd9767e21f785731706e42a40d1e662072549d70a8

SHA512
0a4faae38cc724cacae5e718b6971eb0146f24fb8d9a89750ed37a3a55da102d9fc7cd065e34bcba6969a73cc5d7f9776eb5ddc7674bae9223024fca947dd057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6282ecd80d1131f508777e5563ce437

SHA1
308872ffcdcabe7e3bac193312dbd939f676a383

SHA256
5de8a9ea60a1f1510407a5ab54f74944d4804b42f1698455141ce8b6eef84c28

SHA512
64b1e256c71e61a33d19722730d9de093302c231eb9bb7fd43153008326cc4dd3d450c3a40adfb3df2e604d48875fba5049e0d827d46e1a48ad905fd812d0794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8aa7ac880e9697c0843694ba980b712

SHA1
6fd79a189cd4c432bd6c923ddad789e9e0bec1a8

SHA256
cc4c8162b48dc2c6103389d9dc9f45431e630dccfbc90b5323885259e27e5cb1

SHA512
d558efec899131a07d1589f2d2af52a7e5f2d03b946db23d5b354d4e410eaf16bc78175702b64082dfb5c89dc6e65034545d96e69699c354aa4943e725df1268

Download Submit