76584176c8831c5003b17e4d5642d99514f8da226dd8e38dc9ccc9417d815084

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 05:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38a33c54e05178312b4a1ba29df68e29_JaffaCakes118.html
Size

80KB
MD5

38a33c54e05178312b4a1ba29df68e29
SHA1

109704922c4e9daf8bd308334236965714580533
SHA256

76584176c8831c5003b17e4d5642d99514f8da226dd8e38dc9ccc9417d815084
SHA512

be50b6dc728ea5a8dc6f8bed488854fa7d3235d29c216781a563da3f15d9d891943564c76360236fbb6b084ab75fd371fefc0bd6cad02884d1eb38129bb63001
SSDEEP

768:UmkbuyAz2o+hSSjMk7zoq70Jh+IMzDg60S7VtMLLDQa:mrhzMG5LIQgyVtMjz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
1508	msedge.exe
1508	msedge.exe
4288	identity_helper.exe
4288	identity_helper.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3068	1508	msedge.exe	83
PID 1508 wrote to memory of 3068	1508	msedge.exe	83
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 856	1508	msedge.exe	85
PID 1508 wrote to memory of 4868	1508	msedge.exe	86
PID 1508 wrote to memory of 4868	1508	msedge.exe	86
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87
PID 1508 wrote to memory of 1004	1508	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38a33c54e05178312b4a1ba29df68e29_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7a9646f8,0x7fff7a964708,0x7fff7a964718
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6042921341567817082,17441097548988481350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
da9bb0c59c81926aa9631ae078801d93

SHA1
9149e82a6e47b43ae177a124c17c8723dd803455

SHA256
5d6afc9c6313da3f0d5d120f3633944bf25d3458a0727bb89fd32b098ea8afa6

SHA512
e5d46f4014896ea6d62d85e82fa59aff3fc8b33071200bc67d95809f4123293c950ae0d6d04495827ae38871a0b0f2a7ea81b29889c6917ec8b9dc232145f621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da149f206dcce068d7eeee42b76d2dd3

SHA1
66734a18c28c1174084b07080296c34277c2cb9d

SHA256
5490a256110bb2202b88c446b3af1a31855d02c606cf9103f5473961df35cf8e

SHA512
85b37853b3576a6209ab9ed1a2202b33d48e01838b93c8f8575ef649841862e0691f2bab1466b6a69fb70160c1a3af33f985f993b9d47e74335c924c10dac3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
268d3a34a41a0e0074a37d64a2f427f9

SHA1
0dbd2362f4d5fa6f63a01c1c1800e5df51891f79

SHA256
50545dd5bce91edb416bc7cbfe2f9ea0d96f22ae856720e8963fa8eeeb9d9c51

SHA512
fe5dde011720c3a1c80da6ce5770e9e8343cb699561799a34c5a4c013efa76d2000e6770b1936c6e85c95375bfc36582eedca622b4ab0c20bfc29f76876fb6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d17bb7e9aef35826ad8fbe43675c820

SHA1
2db40bb52c07b16b894f7f04bc4018702d1b9184

SHA256
af0a8e1289460267eabae13113e34c828e064b6190eeb828d329a77df2292c0c

SHA512
00a78f4010fb0a65a04957db439cd31b9bce5b4ba2857c3cba56ac19bf4c2aeda727b95606bdf8572c5ccd4a9e1da3b53f9c4350df14aca90e229b7aa50871a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e53ec02152ec743c57d125bfcec6afc5

SHA1
82450b853dcccf39620b978c0899a33fb20ee4fc

SHA256
1505f308a2d64d58f5d8eb0e3b734d9dce9804e81fb35a1e91f062b426e3d6dd

SHA512
0b267e7d1e8f614721b89aef0e403d18fb0e67a551c20c9ab7e5062bff87eb9a27ab4fe914656748963405d4bb4ac9daa5244abc8aedd0930e1aa15e59bfac13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
056ffc5c405cda3af97da8f9d5404ea4

SHA1
67795039c3d36cdd855e91171c93fc5e5d01e58b

SHA256
c059862b6065b553352ba77789c474bbf1323feeea4c7a2151d4f10f9fc53520

SHA512
7048e08463962a5cb927c5e3b7848e2934dadf3ce6397b77fb8d2e4c75a3d3a133c9a015cabfa5bc097d44496f9489f004344ca479120de29f9700af84edc7dc

Download Submit