hxxps://github[.]com/fabrimagic72/malware-samples/tree/master/Ransomware/Wannacry

Analysis

max time kernel
164s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/fabrimagic72/malware-samples/tree/master/Ransomware/Wannacry

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
2976	msedge.exe
2976	msedge.exe
4272	identity_helper.exe
4272	identity_helper.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 3408	2976	msedge.exe	47
PID 2976 wrote to memory of 3408	2976	msedge.exe	47
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 2600	2976	msedge.exe	91
PID 2976 wrote to memory of 4308	2976	msedge.exe	90
PID 2976 wrote to memory of 4308	2976	msedge.exe	90
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92
PID 2976 wrote to memory of 1696	2976	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/fabrimagic72/malware-samples/tree/master/Ransomware/Wannacry
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff997246f8,0x7fff99724708,0x7fff99724718
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16562733041027451564,15380480467159779550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ce317f8108454865c3d5f2de4095b2da

SHA1
4ea8a85c3fe245c1dcaba4057296588d8d6ccebe

SHA256
55153328b9b472ea275cb38231abf29b799334a63033578a6570f41ceb572a8c

SHA512
e43bde6dfade9a0530d814770f8edc74d2e4921d78ae36f88ad86915091223fc0308a585decbafbbd423de48b6852935f055c608dad464a674066aeb51bee366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
0df51dba75f9a1deb54190ca58407566

SHA1
ba53bcf1564dd824a031eb11b8775db46723ba31

SHA256
182191813128e43e968e4ab24a192ceba91c63bfc8fc581e60405b376e096d10

SHA512
827c6d5ab65de08161af514241498a2cfbd0576f6930cac9d583a76d2e5e3704dc429af091077377544cb0919289e158ed545af8a519f7c4e0cbbe237047697d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59e5907cbe287a6a30713284f8dad744

SHA1
f0dc53e7f89cc79b534b139c4ad4d979d3f21f98

SHA256
a638f7ae20084459219a9524d6e1763519d90381b58c9b010248bd7b7a10e156

SHA512
4ad8a3db54b333e26d80eb7396889025df68d7902932b864dcdd5cf10f5610236863c4fcafe2121dc8428cc5fba8e60e1fc1205a98bd24dcf24273e5aeaf0509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f123eb00a297c3a18267c4c64aa771d6

SHA1
4f9e0acb2563fc44d6b08e1a4807a10231723597

SHA256
f2e29dd59aea5633af443a75a25f41ab67a11828b2901eaf30a5ebfaf76ef154

SHA512
76eb71e5fa0e03f528b1b434c5f652186a6fa2ff9e29fc75fc3755a72dda14ea8cee3b43e3e368f14ee6709cb799e60024a4a50bedc70b40443c9c614f7958f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11ef244061676e2daff7b2ec4b0da1ce

SHA1
f3a3e1a978099a814472e4f608476951de08782a

SHA256
bd177fd8854768e5a3d31b638a45bc7650c73f23068d9bf139c1475694f7c9e4

SHA512
802132fba2e23cce4dc4c7c8f6dfa1e74ed0bde5b7cb725b1928ea2d0930392da967e945ce51105647751bdb16f015ef7b258b3e20f53a497fd735655936d031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f7f7f7cc5f24e0da0b481c4e2acb995e

SHA1
aa48e62e0d8687b3fe218c893c7cd79317213b71

SHA256
0a62d2b7f7dc84996fc8dbc22c784b0fedaaf2eef8908089440c2cb89289e5f8

SHA512
81e234c8163e992b2cc565ca85984a67b3b9cf3edb5b5e2dc36950c6c2df9da177ab7a37c1c8241b93112963cf7a6357a3fc1786ce4e5c6e86ed3b6fe6a4cf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587b55.TMP

Filesize
371B

MD5
150f8a1450b29f43c82fb95830b4f5af

SHA1
a844afd59890a3de6d759981d6ba8be261ca9ad3

SHA256
e489066529c71d2c4e1d723e3f332822ede92276f74beb9186894e911eb9a722

SHA512
31529da9247376a9db14d97368cee06b98172bafeaef591c829cfe60651da956a9a1b84664c570b1908d4c0eda2886beb7a9dd0e7f9bc041fa9c40cf6d0f6f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a2599bda0fa30d2985a615e4b10e715

SHA1
6fa91959acc44e9c54e575c1c97b1a0683dcc819

SHA256
0e27d21d73ce8661e2751ff3194a343656d4289277879425675f930d3c12d8fe

SHA512
fb16f09452b0ba5a3cdf27ebc43f3c7cbf18b8af4f236472682128747e3954d921236556037de6a4b95c48022924a88fef927a4e4de0fc8d6cca063cd45409f5

Download Submit