489f5e15ae25ecc9baac0a0cc95247cb5d05d894ebafbb8dd529b39738811f59

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 21:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

81e9d999bbdd6d629b64775ea0284d0e_JaffaCakes118.html
Size

37KB
MD5

81e9d999bbdd6d629b64775ea0284d0e
SHA1

f28f2a7840b16684548cf3e32b5a95b6e3d5f775
SHA256

489f5e15ae25ecc9baac0a0cc95247cb5d05d894ebafbb8dd529b39738811f59
SHA512

e2f4a81b42d0eecc4fbabaeb9de4151d79c193f66cccc237fec0b6ab40418cabe6e55b108212bc8b7613f864a6f82bc5cd44acbf8ef0e73525fd5f6fe31fd309
SSDEEP

768:So+30rurQV9vvvCCj1M0w0nZczDMLQKFUufhbzIjwX:So+30aQVpvvCk13weczDCQKFUuZH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
1984	msedge.exe
1984	msedge.exe
736	identity_helper.exe
736	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 912	1984	msedge.exe	83
PID 1984 wrote to memory of 912	1984	msedge.exe	83
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 3700	1984	msedge.exe	84
PID 1984 wrote to memory of 4936	1984	msedge.exe	85
PID 1984 wrote to memory of 4936	1984	msedge.exe	85
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86
PID 1984 wrote to memory of 4016	1984	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81e9d999bbdd6d629b64775ea0284d0e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8718592069244984639,3120197637991842775,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
898B

MD5
4c02db71ab3838b5d140baf06c56642e

SHA1
96b9682bd226a59d05d1133eaf5a8eaa67d6fd25

SHA256
e5418d6230a6af695768749394094896018f8eff3e00a3c4e5c106ce5fd120b2

SHA512
0dd230ccd3b599c7c62bc01a4d2f10a12ff601b64560528e306c37fd927345393e41198d66d0f0c9f6d347f156d00074b3554a79245d299a3155965fe0fb2ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50579f0233e2d8c87e291c5b0ff99702

SHA1
b10d65bb1eba5459f60f04927ec20e28ff829515

SHA256
3c283c93adbd9dc0678ea71abb8bf6fd22e7d28f0fc938b049bf82f5c0541d31

SHA512
257f6c932b3abc1766a286c09dc0c7953d19312dfb5e3761bd3bc695177cc594e22addc92fb62b6e19f2f3b88b43dd507b3778ce1fbd1c2193372cae76ee6b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
911f4468c37fc148ae44ebe0d98bc9b4

SHA1
f7b244df32256ba94d70713e4873494845427e77

SHA256
2ce90c105c58c3a22304aca3798767073ef3f198873b0368ed40e0ef8f4b656d

SHA512
7ac80526547a4f36e270996e2c4decff91b7af3441dae1d1a5a98fdc0176b005a564517b39f3dd9b85c7987f65e5886f3c2ec17ef38a2d04500ed557251acacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77d2fd5203b3fdbaa3865f37cbc6c487

SHA1
9394f934722b2b58b69a52147998377deb7388b8

SHA256
40f313d8e928161419e73cfd6877a33067047989cb4a680b8516dd8331c7fb1f

SHA512
5da90691b5b29ba3ca7119a887c466809273047477e0748887d643c3eb5df776ba0e6e377bbc5266238cc2f819605251925cd9de87411d9cd1bc495e8c660b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
da6ca3d370f591bffd42cfccb5a893bf

SHA1
c8cdfb6172470544b6114c707f5b20044f08c6bd

SHA256
30648d0e9ae36b9236ce4e3d1b230f55aa071551e7a8fc7a957d0466177552ef

SHA512
531f11155b5da7a3957eb191c1d662a5c8aa163695198178ad1b97b481c2ce0f29ad5db95800c25220c127a87fc0450494479d1d640b8392f4c8453a7ff09dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ae70.TMP

Filesize
876B

MD5
a6451060244c5b385520ee1799bc0571

SHA1
539f377dc1720381f082e020d235d4e0f427ea2d

SHA256
e6041cd1176cdc4658e1648dc0d93dd628408db8a42ef5696d89feaf69137995

SHA512
29df8c61c1880bce6ebca24d58d42fd44718642338905e613aac359198683708920400a0326d3776d692ced1884253eebafb003345981ce7c4224035dd81566f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74b34ccb26e4ffbe4771f01d90f17a50

SHA1
c2b2cd2264b22c7da98f7c85c8618b3e854caa86

SHA256
cc1c0d60d3437eb63fdeb8503ea207ca1da5682bb1d7d4ffe65923f413a66503

SHA512
1fc42db22be3600d7f46dc5beffe65e3177ddcba729bc7a2073ef6f9adc9433b721b7949a6050d572524d6cf40459270eb34284cb6f41bc21fd10ab78dc6dc47

Download Submit