559077e08ff5acc3178c20116cc96b401ad5bf7c1cff0da4a6cc7b767b56846f

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d91df6f397a32d33d5020562ebccc2e5_JaffaCakes118.html
Size

130KB
MD5

d91df6f397a32d33d5020562ebccc2e5
SHA1

3849a63189720f36c5f47d79b45bd2a70f4d6182
SHA256

559077e08ff5acc3178c20116cc96b401ad5bf7c1cff0da4a6cc7b767b56846f
SHA512

3439383daea51bb1e42f15539d52dfb978e64dac82de0380279add67b2c9b9d1c0da2d9d27ab2242efc847794e18ac3336871de8e178963ffc467d3221f858be
SSDEEP

768:2Ok1ATx+Bw24Tp7VDOeipt+CpC0/gAtnakyhYkmQEDCheNQGOXB9kCjclp06cVxe:2uHDO2CpBgNky9Z5jclpXcDOEtD83

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3748	msedge.exe
3748	msedge.exe
4456	identity_helper.exe
4456	identity_helper.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 408	3748	msedge.exe	82
PID 3748 wrote to memory of 408	3748	msedge.exe	82
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 4800	3748	msedge.exe	83
PID 3748 wrote to memory of 3640	3748	msedge.exe	84
PID 3748 wrote to memory of 3640	3748	msedge.exe	84
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85
PID 3748 wrote to memory of 2960	3748	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d91df6f397a32d33d5020562ebccc2e5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd55e46f8,0x7ffcd55e4708,0x7ffcd55e4718
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3580611369085373648,809733189555252008,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
394B

MD5
e814408cf5f9453ff4f063facc8d8b3a

SHA1
8803cb1accddf2bed86119c7f386a6804bf8544a

SHA256
1e07e523b58c31f1f4ebbf8bf6f40ab02c46cf17b6d591bfd40d4f7d021b6c04

SHA512
29c4165b547ee4a83ba5e2bcab7ff88afc5a4cdebce216790fade2fb0c0bcd722ac124d754def669f8943466ed9096c085a077723f1274a9f58c32e555b9d1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e63e67363377a9da79573353bb09577

SHA1
4295c77791baf685c27f348ea5024fc33632304f

SHA256
f7ad34d45824c9285cae1f6ee1f07b382f4ecc67544a6cd96f13741d67d91a50

SHA512
3c4ea84432270f60bebf0bf1d24f6ae5d69fc57765153060c094e8150be87bdf1554a1eefc1f03c54e887c4c24b763574b17a019106220ec9f81d19787a95ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f62a5655e53c9a65f33a67b3f2976eb

SHA1
35f87ae99acdf6c4c1085190614f1da6f9e5224b

SHA256
c4bd5881a750b734a1dcd52d6e080076bd12066bc2d8e370a2836d1a2c8e0e3f

SHA512
66ddb771a4d75f12a419d10355d52831d2ecd5ac81382658bb08f639e78c8e046cd168304ffb3a6a96db7ef8ab09748c665210e300a2058f5b57d67667b34778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e21ce4212edde8f909df0271118c7589

SHA1
e82d82ece414b2044865c55cf94f66abca25c446

SHA256
76d46d569b1aafa860623ed46602dec8dcb31470539b920d59f44b9aef5b8251

SHA512
3d98f53f63cbf0fc1ba866831e149aece00e4b9fee85b88122ea50ba21aaa492cb69d492dbdf07df8c40dd60fae613783b8ab130582c47700a61605b535d0c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d926c9466da8527a67433b1602386ec6

SHA1
e687f5740495f03eaedcdffc7b0049444c4d864d

SHA256
8d15b803233e9a76c9cba9df46e6937a1846bfb7a52b9024379351d07cbea137

SHA512
b795881179a283494b0b7a2d9102495b18b454f94e6728cf21f07c5da159f120a1dad98ee8293725b37d4aad9cb0a1b2d52e93b050cebccee51b995475b32da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e7b2c32b728d6ab2c5ffd6be33317ba

SHA1
be47423aeb2d4eed15c15cefd3b66c27a3f42db6

SHA256
bd351d5c68b90c67f79a1753d4af4045851422b7fbed969cb10266365051cd8b

SHA512
acdc7dfb830f9e9d0df71c1667959ef2eadb40e1166db72ccb75ab7fd469b2794de9509bb241ac4d9c342560f1cee3ac69dd42f063322a474614b5861fb587d7

Download Submit