9b65aea5e97d866f2466a793f4f38ab7cc716a4b437bbb2d4cebaefbee734167

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29477b915c42e1bc358142059d0d6672_JaffaCakes118.html
Size

21KB
MD5

29477b915c42e1bc358142059d0d6672
SHA1

99c879eb9ff29987d36abe1efbadd68028014ca3
SHA256

9b65aea5e97d866f2466a793f4f38ab7cc716a4b437bbb2d4cebaefbee734167
SHA512

6e12820f45930583880e07f5cd3818844f0ac88d3215f9e80142be8753f3d63942e417453c768214934657fa68d060d39c8961a6be722c70aec3cb41d47084d1
SSDEEP

384:X6841nszgAgDb6tsdrv+VLn+QQQQQHQQQQQ0p0YpqZHH0VNiOEJzmDUFI5:X63F9bNr20YQZHH0VuJ2Uu5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
1832	msedge.exe
1832	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2184	1832	msedge.exe	83
PID 1832 wrote to memory of 2184	1832	msedge.exe	83
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 4884	1832	msedge.exe	84
PID 1832 wrote to memory of 5004	1832	msedge.exe	85
PID 1832 wrote to memory of 5004	1832	msedge.exe	85
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86
PID 1832 wrote to memory of 1444	1832	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\29477b915c42e1bc358142059d0d6672_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabb3246f8,0x7ffabb324708,0x7ffabb324718
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,445489656342753825,10707762914652077695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
b0c4548da596cb8939ae95ec2798e7a8

SHA1
66f79185cc281de269b32fccf3ecd29cdc2e727a

SHA256
0d2649d24c55d02ddd0bc10462377d1cf6ceafc7d99b0b3e2255a14827a174cf

SHA512
e6ae48edc41d95cc8dc661d66aa538efa2fecfcddf1b1b1e7d0a236713cf8a58ed1f08543fa3c512d65e6f12ee484b2b87baee158e338d1c9a3e7d55981bab0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
db83a82de33a8973611facb6c70b275d

SHA1
0f067df1a7df71d12cbad3759beb0a8127dbecc0

SHA256
e9d8644eeee1abddc3167ec1a32a97304b5ce90f465c8e4aa8df76cc26ac045f

SHA512
795fad470882ca7ea8bb6b05ebfe78bf5487debb3b16b74ee6b2d861eba23ffb6ab1265fa65b3da838a768925f672e6c14b2ef93107500b33aa82159e48ce670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6ce34527457e92d4ee8b743696df5d0d

SHA1
3f2c532e147b4ef3509abb64c36f7afcdca9cce3

SHA256
30a8f912eea1b4ad218b7f039b8166bf36f839196ec1f4ad0951b404feffc762

SHA512
9e4fc32e02e0da2033426dfc9552050eb5eb070b82800fbd49a181ff6fe16e335a3650fe586f50ee33f9f5bc3ad06063310e519eb1636070010da0d17469bd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51372cbf67c2716697f42f7401071456

SHA1
514d918f8c384cd96c9c98484b3374063e24cc99

SHA256
8ca9747384402d263868b2845b65b6e23f482248441071da9eade466f0cf4e71

SHA512
81b970207e6dc23e7220f3622bea8af283639bda07c32de6c0a22030b6c6556c925bafa1a87deef4d7fd9c0ea262d3bac8cbda19f184b4c43a2fb652907a5b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fa82d1f67d4a5539974d17900bbfd39

SHA1
89bd23893fa8949bda1866a83fb6356c3d3d317c

SHA256
eab5290da4c91a617d03800b72655a85d0958347faa10853425dd90130bb168a

SHA512
bc64d0f4a963129d25eaff443f411225dff6ce1a9a4a27af8156c82e83f9a17b23cfc23698350243a1d468a9ed14a97eeccc983210034f4b382f9a805a28fe0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02ad6ea01cf0d4d6e8556dd6c6a9ed3d

SHA1
75a63288a871c32a5c477041d99c93771f149c97

SHA256
c03b414b03252a2d6135649be1bf8b7abc06736eb5f8fd8ad5336cd7b10d9150

SHA512
f88a9f5d0a3267ba6d411aedc968abce9029ec085b7d6b1824d1eab47f783436b07523fc9d65df7b411dd9933396250dd8d3779ea8ea5466db509c64bf542baf

Download Submit