c3871144428ed66ea52e7f6ecafde921939565dfe36adfa9f29d1b13d7b77386

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ce345ac33163de8d12f16b85a8b3170_JaffaCakes118.html
Size

142KB
MD5

2ce345ac33163de8d12f16b85a8b3170
SHA1

7e8bd37f6bd9e3b3764fa62af87fc4565d20dc22
SHA256

c3871144428ed66ea52e7f6ecafde921939565dfe36adfa9f29d1b13d7b77386
SHA512

57e5c3bb74386c778b1600e164d8e2cba29a41760b0bfb8a511b65b67f6559dc3a47cb92456fcc837cb1a5bc0d0782fd27f1ace8fc9621a6f0c9307aeece53de
SSDEEP

3072:cVGejtPUeUwIVGejtPUeUwMMKjxmjLZGDAMJJlzTPPA0ZLpfq8gMPhbi2zhkBg:cVGejtPUeUwIVGejtPUeUwM1iLZGDAMx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3380	msedge.exe
3380	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 3636	3380	msedge.exe	82
PID 3380 wrote to memory of 3636	3380	msedge.exe	82
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 2200	3380	msedge.exe	83
PID 3380 wrote to memory of 3268	3380	msedge.exe	84
PID 3380 wrote to memory of 3268	3380	msedge.exe	84
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85
PID 3380 wrote to memory of 2040	3380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ce345ac33163de8d12f16b85a8b3170_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff09ff46f8,0x7fff09ff4708,0x7fff09ff4718
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10245342087860233646,13772810226858496684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f818d52a59eb6cf9c4dd2a1c844df9

SHA1
26afc4b28c0287274624690bd5bd4786cfe11d16

SHA256
58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61

SHA512
7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0331fa75ac7846bafcf885ea76d47447

SHA1
5a141ffda430e091153fefc4aa36317422ba28ae

SHA256
64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a

SHA512
f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
61c706cd21645b079b0e8bf4c2b68301

SHA1
ca05112556e4796260124b5b15edc1562e3479bb

SHA256
34bb29b7618091077d6b41465732d3ff638e9bffeaf94d2c66f95fa6cbf5499c

SHA512
a5a614a1345826ff2411199ef33ed9cf964dedee0d5e93182f7a6a74b26479cee821836de297f9bc81567cd6efd5631e8137fd19c51b2a475390b81b93e6cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2685fdbe9c6fae8aa1af64aaf67d26d5

SHA1
171acf807422978417e962aeefaee13a6c86ca15

SHA256
2bebe688debfbc609ba268710acfdcb089b97f3ae6bafb162a87f6a8375a7247

SHA512
e2fcb796ca41de96a7512b2c6d5ef03ab4b11a6ec30623368914088f96706a3e1842d94bc0b82610e9b81dd4abfc83eb8f963838703bcb54a2c6f6821bdbb6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9edadb060c91ff98c3381515177008c

SHA1
c8ab1b223537b5e05a7515373cedc3320108309f

SHA256
9a54322c928c7f3db150a9a1cd5cba7a8c12def14558d062d8e0f5866d6237ad

SHA512
356aeff7569a944db3d50c66d08a099af0d04a66820604b45325f3afc6be2078f5b7343794d5c97e8c0e33a809f25b493db7336239a2954155d68280fcd02252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
646e9b1bccae5f62c32f73540d5fd89f

SHA1
645b7d288e51b3fde8390d7f84249f545950b122

SHA256
95fe3d42f73283c51b6afdcc82122e8a39d8be47e5aca01293e13d766adaef5e

SHA512
9769ccb9aebdb12c4212b851de70357c23faad6ec55746f0ec55ed71cc252713f97874d965d74a56244d56077c3aa785863b944368d4626573d8ffe21ea58091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a7f9328c25ed7b6ce3364887e91121c

SHA1
48d8afb940af384101c6fa66398c3b91ee40ba0a

SHA256
c69f4a2e29b0dd7065acd342144cdf4315a9b2cbbb9598f8bd17c1f89b1f73db

SHA512
443d933fb9bf648c45a9640467f39bcfa2a7e1349595bd9fa264419044f1eda5f26041703d09ef113176534427b62f9e450449935fcf8c4ae33051c90e50fc79

Download Submit