d7d0ed8ab28595f6244f318808f04bfed9a2abe463b131bf6155189009511786

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6d3a906ae9ae6370545ec80437496414_JaffaCakes118.html
Size

65KB
MD5

6d3a906ae9ae6370545ec80437496414
SHA1

08795a542e9559300085fe612ad59b846e102928
SHA256

d7d0ed8ab28595f6244f318808f04bfed9a2abe463b131bf6155189009511786
SHA512

b473998da62aadbdba7c9952b474822ef632a42299d2f06f4e191ad5296de041df09321ab9936fe006be9cdac2bf73010779294f549be12a2034ad3e8967041c
SSDEEP

1536:huSPMsl8uJsLlTsCbjOaZLaSkozuEfJjSER4otA2a8Yq2UK:D8uJsLp5TfJjSER4otA2ahqJK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
4724	msedge.exe
4724	msedge.exe
1468	identity_helper.exe
1468	identity_helper.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 2960	4724	msedge.exe	83
PID 4724 wrote to memory of 2960	4724	msedge.exe	83
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3748	4724	msedge.exe	84
PID 4724 wrote to memory of 3556	4724	msedge.exe	85
PID 4724 wrote to memory of 3556	4724	msedge.exe	85
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86
PID 4724 wrote to memory of 1488	4724	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d3a906ae9ae6370545ec80437496414_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8030d46f8,0x7ff8030d4708,0x7ff8030d4718
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9525340105557092029,15202374808423203233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
397B

MD5
f9d997cf7012fad0d8f1369cc8acb857

SHA1
d2458c7f072798b44503f50244e6d0377253b690

SHA256
43739a80c6804b88feb2a8e1c11f3e3b6d046e93337c689234766907f999b9ff

SHA512
f6983b8ddb132cd51564290ef261eebaa6d2b80767b8e3a31cae24744956d3d8340229b1a112d0f415b3c74bd7278846cfbd2c155404bebeae8d1488d8e4fca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99cf43f2e1423e36343bb0248be51ac1

SHA1
b227b1c74c5a0fb62479e1e00f404807fb440c93

SHA256
3b807377505d95e15b392316951d3b418cc2a12391e39405c23f2ed2185f4f93

SHA512
0dd11fdff43fafd4e1e1547132bd94afe35efcd772e2366235aeb35ad21cc5bbaa42afd153e04f829b2683b4bb7a612fe4cd996562777d64140474cf013a8aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af027db71f43a4e561f7dc30366fd86b

SHA1
5c9e8bca662caf196da939b4e9fe41242bd01474

SHA256
8f0e5482fa682b727225a646d1dd0b1d90f2f011ce0d9695f62662a3b15964ec

SHA512
4a2f756b10e3871aef8be5f3b0adc126507e0adb1c9b91bca383b3d0c3ab88d54769772ca03611cca6a85c55f95b7581854df7f54c4e2520f958304aa7fd4b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
b5e0eaaaac8f60451a9a35b5294c621a

SHA1
5ef4b8efe7a1e88fad31390d36270cc57e32c769

SHA256
fbb1bb82771c47ba5fd92f6507bc136045331355c8bdc4101526ad3367050df3

SHA512
fd8a87bfbe20cca0cd4478437ae6edefe8581b3aa6ee5dcc7801b16a512140be055556149f5bf2b93c52498c13730a2ca496f5e618d6d661744989b6564ac0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d7b3.TMP

Filesize
204B

MD5
28e7ef0e50a1fe674515350748358e4e

SHA1
c7995c7ec9419ffacc0ec6a80a8e5cf684af1703

SHA256
aedec222e44a2f7cdde99234a5502e2525fc6560c1b429e0b8f64e358f8fe2f3

SHA512
755cb8ebc129019100e3426abb08fbebced4c7402b2f6006cb930832c26f060784afe45c5803d201083b89d33e441c218e79054bb73cf549fdf4b957b6aa14ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ce52b529-7caa-4b50-ba9c-b6637777a8f6.tmp

Filesize
5KB

MD5
3380525b10285177b691ab746711a8c3

SHA1
24752e0648569ced173712a93892f5f9bd993c25

SHA256
1df306121a76f15d05968f12d739c0491b11fe3c370a234ad1eb9bdfcd69383f

SHA512
e0929ddd839134562de8650619f3b4d7ac0d44b9afbf9b832d7694e581bc80c95bc656b883bed3b76550684536e26c62de3caf374ec13b4aa1857c4f652232be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2cfb2decf964a17a79f47fd46c20d88e

SHA1
1f83049cab8d46acabcededd1ccf7b4558423f9c

SHA256
0bd17fb56793dd07e953972d1a04f4cca45fbba61c5682064537c286de8115ae

SHA512
e41e444156585a11091df9ecddc900f0cbad7d7d2bd3a19e8a8fe68015437c3675f0bb3ea43f54364afc14df21dd50d63307d8aa4482b0f3c24f0b139e9ae1d6

Download Submit