2421ecc1319acefe4c741dd1d75d58f7aabe590d5de145f1fa9c03a0a33c2277

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d80383cf10226b586249ff4367a1e9e_JaffaCakes118.html
Size

69KB
MD5

2d80383cf10226b586249ff4367a1e9e
SHA1

7afe93c395ffe4afd2b63508468c521bca399e5b
SHA256

2421ecc1319acefe4c741dd1d75d58f7aabe590d5de145f1fa9c03a0a33c2277
SHA512

77710aba7c6447957b50355fa34fb589c272d9ddbc691b3caa85a59ee0344f9be7e25224b03948b2e379acb6b6e71e93f501d898881e3d6f8c8af5c1234093d8
SSDEEP

1536:S50Mck1ydhFXq/1HkNq/NRpZwiuSV/PkzYSrtj4h/d46JMdHGxJgTLUOQt1jr50W:SLcicHGxJgTLUOQt1jr50pef8nx0LaFY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2460	msedge.exe
2460	msedge.exe
2136	msedge.exe
2136	msedge.exe
2880	identity_helper.exe
2880	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1276	2136	msedge.exe	83
PID 2136 wrote to memory of 1276	2136	msedge.exe	83
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 540	2136	msedge.exe	84
PID 2136 wrote to memory of 2460	2136	msedge.exe	85
PID 2136 wrote to memory of 2460	2136	msedge.exe	85
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86
PID 2136 wrote to memory of 3504	2136	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d80383cf10226b586249ff4367a1e9e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed61946f8,0x7ffed6194708,0x7ffed6194718
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,15398045726486170115,15218361540572915265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5460 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\009e97af-2149-4416-af68-6e9552f99e38.tmp

Filesize
549B

MD5
dd0edf755c9151dc8e39f1a60639cfed

SHA1
c33a4ffc4bcceca937863eed9bb56c82b10c6ad3

SHA256
79497007485e3daa13b38b20b283080516d5caf83cfe3539a6b75f2ed7ade845

SHA512
0bc48f44575690d98980cdd83fbe786b9670107216ade2e9660884435884e702d6f1f5329e579484d35dd93b3ada2cf462e855bd85b29fe1f7af9fcd4a7882bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2456e7519787c16531abbf30fc4244a

SHA1
aea8aa477a0b70735bb00d39c5976ff4ac9a2d5a

SHA256
e590e449983b0f0bf356aba9f7679ffbfc2ed62a5344524e26a4ffb00e6f1e3c

SHA512
09fc1119b203bd37632e9b18b1da422f280bd36e38eca36250f873b26afdfd5e7cffe54b11bb2e1435c2bf4c207d304b015cfd8d572e5a076bb973ff467a623d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8276ed0470f2fc802a79af49f82df3f0

SHA1
e0048c19e18ccdaa808cea4725da08f6564fe628

SHA256
6c53d39a13d3ea850573ac4d01c0b509a1c7871a8101c168ab5bfbf2db5d8c49

SHA512
8b5fff16bb59ced845b4ce3128677529577be1974f0042d0cf0045add3c9c8622cc35d9eb59f9b3230349fd911d659a468ac83628ad33a66fe540b9e9af1a6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf39dd7476c687965abb9da457b4be17

SHA1
6a2bff7f9ee5367d98c29c76afabc24c9da39c74

SHA256
96f754e0f8ff9824135384f43be2f3310202b106fa1f0adba8cafd32c081db9e

SHA512
735937a54f3a1033ffb712442811492544f5a19e30def43f0b230117ae40e382fd4c46cca18dfbc1aba6711ba73357f332c213931b61c0756fc28f9f15b938c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
367ba1260e735fc221b79f66bee1ad9f

SHA1
0a2d44a01e1d544ececcd020572acf6405b9b754

SHA256
96e3fc20b3595a5ed184b004bfb0b038e67fd1848318f7adf7e22b304a52908c

SHA512
18003c5cb7a3a7b442e2811cbe24e5258db49eb405a26321a508bb3b71642032afb24a8bb569f8bbd69a8b280851634463281ca00b67f1a9fa57a41532c0d5a3

Download Submit