hxxps://github[.]com/fabrimagic72/malware-samples/tree/master/Ransomware/Wannacry

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/fabrimagic72/malware-samples/tree/master/Ransomware/Wannacry

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
2496	msedge.exe
2496	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2404	2496	msedge.exe	14
PID 2496 wrote to memory of 2404	2496	msedge.exe	14
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 4404	2496	msedge.exe	26
PID 2496 wrote to memory of 5076	2496	msedge.exe	24
PID 2496 wrote to memory of 5076	2496	msedge.exe	24
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25
PID 2496 wrote to memory of 1880	2496	msedge.exe	25

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x80,0x78,0x104,0x7c,0x108,0x7ffcb0ae46f8,0x7ffcb0ae4708,0x7ffcb0ae4718
1⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/fabrimagic72/malware-samples/tree/master/Ransomware/Wannacry
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,4787714209892396409,16151323195042152591,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0af5f248f4a9784e3eb849e26423e9de

SHA1
22cf1e99eda3da6f32dd94cae9a13e45eb88e352

SHA256
a843ed90ded83070867b0cbc157a49690e41c50880ce49738091972157964b26

SHA512
0b44194bfce945f8574ec17940878a4b7ca01dc82e3a18faa9f6463c932202c4fe816d1ec75508c908b31e2ef836851105bc979a7cb49f61b9f560a52389093b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
7e94eef311a6778053e0f2c7316d4a4e

SHA1
c3c0bbc8c947db2654ac5857903a1733196a93e5

SHA256
430b64782d816e293bb7a8b12e49acd5366b5f3a6508429a05600269248601b5

SHA512
ca3a9c084e988e4bb968960e2480fa89c5a6c72f1d3810138695e243a3ae54b22e4041988c4de1f817a6cf8c289652e60c19671292c7a4d5c7939097b3a94b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dcc33685b0ba769a3a210a8587cfdc32

SHA1
71c28651c384b0c1b8aa0351c5be0b97e4773c54

SHA256
4c4c52a87ffa03f7278888ffcd404594dddca65190f53d1a7e40f34c1e33e7c4

SHA512
7581c4779b88880bb40e9149a7ad9ff5482d72eedb45321eec68d4f150ae54faf09d331d8856b355eaecbabe43686e2fb3b4f74efdc072004c49ee944daec98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dde240c2deb4a14de53bcd8c31c9e9b7

SHA1
8b96db7eee93eb59b5aa138260996a76dadb41cb

SHA256
9a944b5494256f6e2102705984e477c515c169c1de580c05f9e05123b03c8283

SHA512
b0777ce834dcfc091fb3e07e84b28321c5dae8288d764789c29ae75aa88c898718cef5dd2b0ccc217b338d30a47f8a8742624409cd5b4caeed3ad2fea5a847c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74b5d2f46eccd52b60ca996553afe113

SHA1
33e5d8eed52913059bdc20c856534163c7121a0d

SHA256
a55cc576adb54dff05c8b3d56e64e4fbd3c54d94eb9ce23475984179e3b52bd3

SHA512
c0c528998bf4bc14ad3ab119db43db3b223f59f05231b5de9d0357894b69bad1d8f576c1c2dc6a0124a867d158e7d8435169df1453c281412cd817e6916df547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f2ede03065974c284e1267e716dd2592

SHA1
4f4f1cab635b3c833421a601c7e6ff284b13e1d7

SHA256
02835f90dc48fcd81ed616e747d4a38dc0f954bd093eb51b4f598867af27ca2d

SHA512
299fae03ffc4c83ab6bbbe0f56f35fd96815c61179d11729c4f7b6ec25485d4e415dbe612058c89c6dac912f553c1b4cfd3ea99a1bd454b4471c32e643759386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a8c3.TMP

Filesize
707B

MD5
bc1d2e0e76ea9bb2547d0d9f763c3743

SHA1
49810c023db755a23fb4b6be18daf22f9bcb49bd

SHA256
5a2b9d55f25d35f4772f8d695c9ab81ed49283604b3c8343bee57c7efe5f3e4f

SHA512
f0a17381803eb15398954390dad0398edaf730c78c7983b5578e7314fe4a0d20189ef78c48bce3a04f31f9c0be68c1d4f7a79fb2f1ce18312bf2353403eecda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5237123acd853c69a0b0681156980785

SHA1
8e88c8ab55c30d2b104a5a6329bbed8a04508409

SHA256
6de3a677525ea92e6a12d232674cc6778ec39e1703e17e8eda0006e58f9dc131

SHA512
dc84c0fe2d819ec3f5be31d97045b87639333f4c8ef7956a24d9d2784219147f1d85221ad17985595994d47917df58904cf52f3a46b6a3e042e8ec304a8c6c54

Download Submit