f2ef9cac9fdd9d6a781f78437ad2896c8b787bfc9acd022e58656edb6ed38190

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e8cd31b786fed4c26bd6d677e9e656e_JaffaCakes118.html
Size

197KB
MD5

2e8cd31b786fed4c26bd6d677e9e656e
SHA1

a74b1077a53fa030b068096174c23d61f8b96963
SHA256

f2ef9cac9fdd9d6a781f78437ad2896c8b787bfc9acd022e58656edb6ed38190
SHA512

08a56e6c853aa21bc898aaf8e5dfd355f4258ca274d8a022ffcd33400defb6d639456e2254b8069d9f8289da1cf02a09fdd33f8aee1258905aae63674199e5fb
SSDEEP

3072:GVk3ixEHzKqLGTfq+L1y8rl+KxJxKbk5U+KxeC5C:xulrQSnfSeiC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
3948	msedge.exe
3948	msedge.exe
2620	identity_helper.exe
2620	identity_helper.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 1320	3948	msedge.exe	83
PID 3948 wrote to memory of 1320	3948	msedge.exe	83
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 4836	3948	msedge.exe	84
PID 3948 wrote to memory of 2308	3948	msedge.exe	85
PID 3948 wrote to memory of 2308	3948	msedge.exe	85
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86
PID 3948 wrote to memory of 4672	3948	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e8cd31b786fed4c26bd6d677e9e656e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8426246f8,0x7ff842624708,0x7ff842624718
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13873001281357022978,9831213913189840606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8369a592bd890d93aaa8aa46c59f707d

SHA1
8cded58ed9619d85bc1b594f07ccda2bd093f822

SHA256
f08f06f57008d21cd6975e18160d0bc0be0613b39839bd5f63cbd39435ea142b

SHA512
e19190671ac71087299bf43939d3f3b0e68201d31fb2b6bc5760354813589f3d25032d623f4f51655e9b1bd43f117151cb2ba5d33f73f1232794835e3e991c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
799B

MD5
55cff44588429e5413967c56e2ea809a

SHA1
1efe15bcb28eb6322ec7f1227b264dfaa6b60bc6

SHA256
7284f12f5cfafea82e52308b300abdd647f8a1c19993b19c29f778551e3b299f

SHA512
ad5f71337a6c261cbb14dc171ce4db1334e7e2b3c556fbf7df5f56189f25d06f96cd4096da26805c0d9aeb1507d28e921915e21ff1078092296203f2444935bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
737B

MD5
87818f3b14e17795a247f2f2eed728d9

SHA1
508fe8f0ca2140ce38042882aa6c3fc474eb22d7

SHA256
89ff30040a6ee7479bca1988be0a4c6d8bce7498dbba08b095a62d1608d68249

SHA512
d5f200385c11f0b3aca2474d9ed276ad4428c4de2b72c47c13be3dd68bbf3e2986d9e216af094aa3b936744bb8e68ef480e4cfba0ea20f5a6267a88868e4dc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1f16e23e4690575e417daac1e03f519

SHA1
1705988f1667d3640aec055d7fd21af2a00ceb11

SHA256
40ec6e1c21ceff6e5f8154c0f2a12b9cfc922afc59598965dcb5b808da88d7e7

SHA512
79dfbc94bd7086c7f4b906439d7e92673aa04ede7a86e39ba7ede1ca842729b81827d653e7c13d827f8bb68519a6653eb756d9686face59463138cd139783ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4236decb527688e418fd7e5f98476c5

SHA1
8c2867ae14dc379e4d20fef5742a102207d12011

SHA256
c58d1350f67fabc7331867e04ab720130371a4205465a793416bc87d56d83e94

SHA512
08666f0a55f314b869eda1226dc31251907a7a95175a1604481dc6b76ccfccd2e6377e76a7d201210271b1a5b2b357245e2ccfbd84355d950a187ffe643f15f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f4a85b1611cf8f2393956f8ba2834b7

SHA1
6da4878509f1c4aa529872eab1bbdf73c5d4b8ea

SHA256
efc48d35864004232d1786c00ea571811d80a91ba34d601bdd790f26f828df55

SHA512
6f0994ea1961d56108f4709cf44fee433da28531e6e3a11eac209e34c703c3f10f205b04a364329fbd46fce667821bce8ba86f26e1f6bccbf78025ca79e1ed7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efb5ad2db1cafbb6e3949351a09272ed

SHA1
93f68d9a51bdd8927a9c85979845c683e38a1347

SHA256
135f62ad59095e4dfb3bcbbd3eb5e82bc76550140baa3ccedbbc350a6057122f

SHA512
629c20cb9a8058b66a5c2ce19423cf937d5be783d76d9fafd50c4e3f061b69d5e0faafc520359270035d72ec1caa5942501ac25d79cdd48e60c46116efb96da4

Download Submit