4b0c03ad03f3eadfb8dab53493a71a0bf34ba297841421bbbd9e1efe687e3f96

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cc7472bec43445c510cea31b15f4b35_JaffaCakes118.html
Size

506KB
MD5

4cc7472bec43445c510cea31b15f4b35
SHA1

4fd04929b3b89dccb622122bba4a0e85f2f6a169
SHA256

4b0c03ad03f3eadfb8dab53493a71a0bf34ba297841421bbbd9e1efe687e3f96
SHA512

4eb75b6fde774393ffc430dbbd214a5527e4500b17feb693a601e0e5cdb8fb7ea7cfdd7e06a3f17d1dac96fa375a83d6f66532a9c01b438ee7887dd15bd6267a
SSDEEP

3072:wG+IpBxYUVR9zfs49PwVeL5AfPTmBcM2mq519:wG+IpBxS4tLuj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
2588	msedge.exe
2588	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 2168	2588	msedge.exe	83
PID 2588 wrote to memory of 2168	2588	msedge.exe	83
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 2916	2588	msedge.exe	84
PID 2588 wrote to memory of 4496	2588	msedge.exe	85
PID 2588 wrote to memory of 4496	2588	msedge.exe	85
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86
PID 2588 wrote to memory of 1964	2588	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4cc7472bec43445c510cea31b15f4b35_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5315931768169505699,4557625260463492370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
91fe283b424bfcab90d064c5d879a3fd

SHA1
e23a49df5004cf848829ad8b144332d02f6ecaec

SHA256
403e0bf0a84e79325f575772d063589e7cb6607012139c9688940d8dc6acd6d3

SHA512
5040a04fd82295567758636efa27687ebb4d53ee346fdda97054fe13ff065071061ba3784fccdbc97a68f7bee304943a192e3d0ce0eb9f9948c7d14744e4686a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
969B

MD5
40c7cb38a268dda4280d2ed9721f6741

SHA1
de8de2642b0185d471e14c5bf2fc5f17ea6fa90c

SHA256
a5f6b11aec1f88bfff39675fb7ec33b97f1fa9c13f9f4dd92cb99d7a29c8e76e

SHA512
9bf5761c842835f59784596983f158a0db25798958fe086b04a221e65d92d597628ba84c717c2dc4dc90007aba774c5fd8a636c1c3a97d4813f9eefda5d27b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cdd2b0bc95e15a87f75cf21c0f1ad04

SHA1
47a01f745ae4919edfaec8dc834ecc200abde743

SHA256
7447c6bf7fc45b8297a7d448dd3bde7d045de4152413d5e478b20efea4a57d76

SHA512
71cbad3f4959ce83c47d05593a7f580919458c5239f7aff2ec88b1303c69136297efe592b5f376671039820c69528dea6f808be59d2dfbfe5da9e162c2bdfaf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e620ff18924b622be65727e4068347ea

SHA1
65ecb59f1675ddfe1fb50b58f6159e3967a908ef

SHA256
599079d9e2c19222a3b7f7b519936ad05f44dabf1e82f59c14a55132dc6092b8

SHA512
a0358b0df31a1c468681b6dc802f2aac527fd23f067fd1ade3d6d0dd048d2ee68062750e7fe0d2b737bdffa6cbb1f4b40d336743537236a0476ec4dbd0cea943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2d29879e1380e926d27c147d5e5324c

SHA1
0090d813d4ba1c30069e2ed559a15bb8ba9839da

SHA256
601c8a403e65787bc93b72874b7152db59aa48bfe3c6206c4f2b473911cb35ec

SHA512
e8ce486f108ed80b5c604fcbe20819072a4dc800a34b5fcb29e4e3dc4b7df616f82c19b72b46879b0d1f7676c069af7324f50f77284385a0614db6a4664f58b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f05acb09891eb2a49163a1e360260398

SHA1
35ed852356bf337dc65c3181c125e11036035a10

SHA256
5e25bf98d8fba3d2dbb8a7e6542306be3379ea6146a93f5465551de14253dbba

SHA512
bd3c5aea3b257f5892bacca29923fbf256dbfdcd6257d98ebc3f7acb58209e2d74731479e8bb824463e36e902419ce32c8c3b43dd41f9d3f64f296c24d218ef6

Download Submit