2f3e06731562ecb0bb8ab9b3f3661a50f4877f2fd6da4461b69622397a640a9b

Analysis

max time kernel
147s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62d5ab2e36232ff54de5698118ca1f50_JaffaCakes118.html
Size

67KB
MD5

62d5ab2e36232ff54de5698118ca1f50
SHA1

5833c455229151b4676d59f97adeafad61c73735
SHA256

2f3e06731562ecb0bb8ab9b3f3661a50f4877f2fd6da4461b69622397a640a9b
SHA512

2a94cc2bbe8556fac972e691b4b7491c548d740661974633099d46a9608733aaafcec92c0a51507065204f237779e7d73844176d327e491c7117c1e67eaa0216
SSDEEP

1536:+flBcxjRKCJpl/BMB1/Ge4aVYcrIrgpoZiOXXpAl0QDMSfmYQErCNhwCnoj7ThAy:okjRKCJJeiaVYcr/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
2760	msedge.exe
2760	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 3132	2760	msedge.exe	85
PID 2760 wrote to memory of 3132	2760	msedge.exe	85
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 1468	2760	msedge.exe	86
PID 2760 wrote to memory of 4580	2760	msedge.exe	87
PID 2760 wrote to memory of 4580	2760	msedge.exe	87
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88
PID 2760 wrote to memory of 5008	2760	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\62d5ab2e36232ff54de5698118ca1f50_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14317395224891379706,293099316057849353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
608B

MD5
335e5d3e67b51b6fee3994886440007e

SHA1
9a66870d2261eaec5b49fd701ae79e54e7c73589

SHA256
1f2132dbb702843d8ff64c3e2f109d434927c9f4f185e9824cb50ace11fb71d7

SHA512
f3d35004bde81a91a0b14cab96c2fe9feaa2197915bf19a0df1df12eab4c7b75b4ee23d30be3fdcda6d284ae71e718d432a732fd41decd1d69cbb3c129712aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
35b37408bba8007edb482d5778577f2f

SHA1
a161dd510622f590502d9baf12989632fd6b3370

SHA256
b5d7eeb9fe9768200c7c50d8f99f705d1b33bd6cdd36b9eac35d57b1108325fe

SHA512
a5b1d57589ab5fdbd2f9c4a1111d8ed0bcb3d153b908862591cf64ce455854c341f1f0132686d9c455e4ab485e7cf0550e97bba9a1dd16c16198e424d7be6ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47ca53881cdadc5091958e99f8be1973

SHA1
01efd9b4f3b54600ff07fb0059f6255c79b01b3b

SHA256
878403ce7a813a4e4130c805744bc9fc6d01193b212521e896d3698126f5a7b1

SHA512
cb153fad90eff087be6581857a901c0ede770a7feb05a21e87984f022e386a68cd31fe536ccd04e416654d9ceb98212fe61667ad9463531b3d40387a606ae88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec663f0fc9f993dd1b9a3f9b3d1c3aa2

SHA1
a299539996dc937de249d168cb35d0c58082b85b

SHA256
18a66cd38d1475e6351c54e4b2a5b9c321dde66ac8dce4cb81e5846e781f1e32

SHA512
ac74797ed419c56b2c8a666a4447e1460cbb45d583d907d19a2403b3ff16abc6ff61bcd6b417d84cd727df5135e29b795ee513972f296aad4fa3076c603f4953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1856aa65a870ac9759868cca198d212d

SHA1
1080b91d09b743538c510b0cebe4637b4ffc6034

SHA256
5bb05b3301b284e5af0d259ae7ace1f6581ddf463a36fb109f8327843e878a92

SHA512
3ad22bc3053115c167d34b24bc6bbaee526463bd512fe4d0c14f8921de99972f0b31d7b15100ff2916286593ead34ec86e8695ae786ba2f30d81b8caa1ec498a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591fe2.TMP

Filesize
203B

MD5
4378de075c6c8db3fa89b9c38aff94a2

SHA1
513ea679cff7881956ab6517ccda9666c24369a0

SHA256
b729fcf7504a6f4c38bb711069465d60b6f754c865147c9d741e180b781d8260

SHA512
33b83861deb41015bf444b6fcd978e67f74beff82ef003a39ad892388d01cf2e599c14bb72781167af666244dc6ba04f9657e9c2f5688d01a2e6c5747cee371b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cae9c9d277ccdbaa9cc769238209ca5

SHA1
e696a16fd47285921c2f8a1dee85cadc84db7e6e

SHA256
796433b2ba476e50af324ff2e17f35383a18c9c044e4d34cf025054eeb09bd3d

SHA512
0963c18e4ec5919a46f05bf441cbc9b17a06f529326ad1697dd4972c179d43a3e691f8e4c5cd07440ffcf1d9831fa4f8953acbc0be9f9584a171a2b9b92d03cf

Download Submit