a693442f5db21feceeb9f15f328122c37531e4be6c4fec1ec8be1bc72cebb66a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 02:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

45496a49aebca3eb655a6d645619b63f_JaffaCakes118.html
Size

56KB
MD5

45496a49aebca3eb655a6d645619b63f
SHA1

d2c3487bb667288b5415fc571b4a1a31f3b06207
SHA256

a693442f5db21feceeb9f15f328122c37531e4be6c4fec1ec8be1bc72cebb66a
SHA512

0383404c47bbfc2b77b70f57948945957f94e011cdc7d648303ec7966a53490b025675b2cf4c8e0083a7b87b9f9ee0ecb04221a936289f3ac58757d62ec4efa3
SSDEEP

384:l3lIcGtl43NGTHhF8bgPtW9+gTG+ex3PcjYttuozkxJo7UcHnzJzUNFvobRZtRrP:3A5yoIcHFgNBobRfOCE6ghAxLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
5080	msedge.exe
5080	msedge.exe
5048	identity_helper.exe
5048	identity_helper.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 2588	5080	msedge.exe	84
PID 5080 wrote to memory of 2588	5080	msedge.exe	84
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 924	5080	msedge.exe	85
PID 5080 wrote to memory of 512	5080	msedge.exe	86
PID 5080 wrote to memory of 512	5080	msedge.exe	86
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87
PID 5080 wrote to memory of 1588	5080	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\45496a49aebca3eb655a6d645619b63f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5603720576534493812,17443105468148946614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
65475ab7dc7a0f23be0c32cb9fb410d8

SHA1
877e9ef6663ec668c172d9c474479512e1db5f88

SHA256
4bde91ee326ba92e654d8722104c5157673d6bfab19047d61c9348d7da7ea81b

SHA512
2cc88d6353cdfccebf401fd8df979c7d0f404943db0fb5555d67de6c8c349a29bf267ab390216d0af4225d7824fe8c284aa63566ecc7bd869b2d830e765150a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51064213f1d0f51d54d9d560ef8860a3

SHA1
96623d956a3287afaa801ed7d1cc192893ad50ee

SHA256
875f7adc2d30e7e941d55171b60999abd62a9df545808daef338af00b311efb6

SHA512
cd3c4dbc75acb516618437ff374e00e642b96a3b94b424070036e0375fc5106946080d48a929e95b26e9a6eeaefac2cdf0dd91daa4a29e39b007367294447723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08dd5a8cb37b6a98886bcc73e6be2e79

SHA1
3a6dbbddfcfcac32550c83480aaed33a928ccd99

SHA256
5d7088dc3ab1acf7bcfdd825aaf3c6a5ab899531d8f8fab7a8e8e2ca75489e19

SHA512
06e62487e9bbe0d7a5b4120cb59cb93626101ff1c05412f9f34be52a3c2c8a56600dd8509612c1b96ab26e15bb3178eace94cb28a9db1f8f4da0bd6c895affa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45f6988c27917e519e20adc27c9c7b25

SHA1
ceadcc80ece9b86614601cfd41f192cfbea33910

SHA256
34b4e6ddebb17edd1fe34fa180ed6bb4aa717167a00c3399e6633b6e8a9c4ea3

SHA512
bee8fc641cba3edf5fbde7802215131cf19dabaf9e3c17055cad997e058ac4bac027847c177b57de3d648dfb4e4b9e6bc8966e0fe4148c61f201b7cb1f2a8a3d

Download Submit