9d7d9e04b8f59a1f0eb222d4f78a2d0118901567ecbbb13c7be27af542a1c68a

Analysis

max time kernel
148s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99e3dd3ceb2c1de5a40146936f4bc35d_JaffaCakes118.html
Size

42KB
MD5

99e3dd3ceb2c1de5a40146936f4bc35d
SHA1

6aa9f3bd70538ac15f011c54b0272c70383d995a
SHA256

9d7d9e04b8f59a1f0eb222d4f78a2d0118901567ecbbb13c7be27af542a1c68a
SHA512

f8d779255bd3f9bfc3c136f0acbe9cd0994a891d73a32673d9dd1c7c984593e5c8a99fea941058461cc0366e083c915fb06687010c048156cb2339aa5f7b78aa
SSDEEP

768:Zh3dv1TsyXKbI+brINIb9quxES7p8EPARfsHKNNZ+:TZ1TsyXKcAb9quxEypfefsHKNNM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
2960	msedge.exe
2960	msedge.exe
1460	identity_helper.exe
1460	identity_helper.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 3012	2960	msedge.exe	83
PID 2960 wrote to memory of 3012	2960	msedge.exe	83
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 3556	2960	msedge.exe	84
PID 2960 wrote to memory of 1488	2960	msedge.exe	85
PID 2960 wrote to memory of 1488	2960	msedge.exe	85
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86
PID 2960 wrote to memory of 1936	2960	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\99e3dd3ceb2c1de5a40146936f4bc35d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8030d46f8,0x7ff8030d4708,0x7ff8030d4718
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,604055568194561103,12286950041089033617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e27b30987b9fb930125641c4eb02180d

SHA1
d080a7a8abbe5a96657cb98046d52d8028db182f

SHA256
299a9b39fe0d9d3306ff044b09feab019218c5152f6446a20ef814e6458a681b

SHA512
b04987d7b77b2c1e0fec3a28f708ea521514c4926197472790219194488a0dee92df329f876f9640d2a0646e6c573a5c7ee7abfaff76d765e7fbaf7b4d7814ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
741B

MD5
ffdae4dc092978e79aa80388308ca0b7

SHA1
d2676f3f68a6867c61e744b9038160f5440b6f24

SHA256
dffee55f5846e6fa01081e1401d6426f84590205d4d7717e276348aad3b4a585

SHA512
a9ef421fafdb565de94fad8d3411de70874e3e72b886a5be7d447f42f875a6f036f396451d1bd1cfe7976c0f277717cd14bc3a0a6c5f92e8641a0507341978b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec05d735d8f33fb0d17ed73df002c87e

SHA1
1460eeb6e00066d5ef5e72169b9f8487099a02f5

SHA256
ff0163abfd2ab1df8c2a5ac518ac81945d16d4f119452597268893ee31a13f58

SHA512
c762851fbbab1f48fc7320527993b9ab5ebe6ef2c8b4f0a7d2b0e1cadb30524cdb82332d6087cdf63fc5a87317548917f7bd6fc1f4c75484a45195ec1367cce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86551ca2085cd167836274b9b27155c8

SHA1
a183f5e8c61d2148da4d94ec98ead11bae57d6c4

SHA256
5e83d294c7f8266b8a040dfa2f2c6bc3f4fe5d38f7859dd07820741ba4a61d81

SHA512
85ef1a469e2e322b05208d8a31525a4e9e8fd5fb6b3e6d50a61231a593c8f80bff1cb9139297fb41d852a4698b8ba5749a5fc7e8ff86a9135ea0230eb8aa0eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d699a736d67b66d54cd8c9517df4f441

SHA1
7d1f8bf3e4779872e98ea08c5aa510e66b54046e

SHA256
f3ae9db15d05b327192076d8ab3c5c899a5a7761c07a9f5180cee94205282033

SHA512
e3d86dbcb040c1da7b6daa1e1f2d261912eaef0f3ecf4ff19c6b67a82e5961355e49462a4b9d1718f83ea64da841482ae3abaa6b4ba1b99142c37c64a86a4ec7

Download Submit