75617239eb80f669eb0d45d7a534fd30a7f9b1e7d8a0a78e4ae2f2a380fce31f

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 21:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f839a516046a2ae2b443d41d844ebb3_JaffaCakes118.html
Size

53KB
MD5

8f839a516046a2ae2b443d41d844ebb3
SHA1

b0ec0d5f9a837bbac26f048247763b8b2b45e344
SHA256

75617239eb80f669eb0d45d7a534fd30a7f9b1e7d8a0a78e4ae2f2a380fce31f
SHA512

1a5850198c6ba130340060053e723ffeb140ace697d96f3cb5db11abc036e135b40d92e6ade18a05612db53ce4fc982f6886127f241e2a8600597095cf5821ec
SSDEEP

768:orCpHvvCIooRJHvcDsSxPHYgl9GOZBlgVL:ouHv7o2JHkDsqLGOZC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2268	msedge.exe
2268	msedge.exe
5072	identity_helper.exe
5072	identity_helper.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 832	2268	msedge.exe	82
PID 2268 wrote to memory of 832	2268	msedge.exe	82
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 4044	2268	msedge.exe	84
PID 2268 wrote to memory of 2440	2268	msedge.exe	85
PID 2268 wrote to memory of 2440	2268	msedge.exe	85
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86
PID 2268 wrote to memory of 4500	2268	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8f839a516046a2ae2b443d41d844ebb3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d51846f8,0x7ff8d5184708,0x7ff8d5184718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13872594400151982705,13195204443488603489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
197f7a956940def9cc1d45b43a226bb1

SHA1
a255773bec8bdcca43106d6c73f62db014e08bb1

SHA256
d30ca580646c92ede739360e83c057182ff41c091f9e5789853cb32c8ef356c4

SHA512
36977a13d8997288f1e2f696c2596f07e0b88a155186e061b580fd9b43e92c82f0f1d376a4a4a910513ad269a42aa36e5d2b0a7425832a920ad81fdb3d2ebcbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
75615ea0403f727f2dff37389acac435

SHA1
38b01a19575cf0d635a1fbcc23d0139828066af8

SHA256
e1cf39645b78da0e6bf16c55721a9fd6c00cf4d6e2a02c4c3ac8bba76e5f8113

SHA512
f38e7913e68aad82fa1581f3ea28611c036eac320ae980faf093753180f5e61fd9014c9ff3138e5361cb19c562f9c5ab117e896fb59569b84c4d9cba3ec18aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
918b6beb3b6d58017f749f3d89c0f050

SHA1
dc516b8f99957c1b91bb5e75d4435ea2252fb88d

SHA256
ee4a4960599ef140db108c173aa432ef140505b187579aea3355a431fa8542e9

SHA512
c9c4d36c15687ca8c654261fb6ca6e24939405dfab55a0987b3ce6f72fb734d4131633227736d64f70516ee98d3558945f2c7af0e7ab86c4e9105e2f7c8154ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
659d08809d85f52aca7f6d33e6f4c7d9

SHA1
69defdb631df866c175ffe3138d9a1145f46976a

SHA256
e135e32fd599abccba53e98208e35d93964fcab204bb26ae4ac3cd0be149b17a

SHA512
8a629ab3591b585ac0d159f4312e8c2b33b5699e6d1f50ed9a0c447202b36d3e6011ec0577f92c3f6d82e8d57c3532d841f07e2519c0cc4f0c2b9b1355109013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db117f9dce9e0b5af6564634f3311ec6

SHA1
e7b01fb826415c56ddf256f0fe5c675a510f1e8b

SHA256
7ff7ef6d283d02b062337e0a435faef2c4e8e5f5469fd2a49b23d990aa7d744e

SHA512
06c701b4860602b7c42453d850cd7fc9fae41c1c4cc4dedbb1b8c33fbd277aac8f242e38942c115fdb2612c72c12eb9c2654886df196ffff00ea9e373daa695c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a45b33b996b24069e056a36f597366ca

SHA1
ac256b9caa4b1a2520b228122bde6cb27ab5b001

SHA256
396cd7cdaf17c3606d138e9438d876710bb621a7a5ab82b0c3747e9a4566bb21

SHA512
f41b083515743008336af5cf1496d491dfef4e9354ad3b4d66d9875197ec7e2e1140ccd1a2665933a2665a1ffc3fa13cbd1c7e6cce42580531b8b2546c91b17b

Download Submit