d573e57907ab1adfab56982f44f577736585015d1f1c89d7f461f24bb951c7c4

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb1219c63615b6a193afef2372f16067_JaffaCakes118.html
Size

249KB
MD5

cb1219c63615b6a193afef2372f16067
SHA1

2674dae248c29e66c15306f44069a17ffb1e3062
SHA256

d573e57907ab1adfab56982f44f577736585015d1f1c89d7f461f24bb951c7c4
SHA512

71609b2efcb04da9efbda34ae417da6ea8abf51eadd51404d7a08808890ff12a404142f2f1eab51fd339ff27ff596a45c88c1d94dd6b46546ca9a85662986e97
SSDEEP

3072:KR1+cI6uZEsqim0d4XvoWXQ47GK11OvBAuKY0NfPKa7sOo/Lr3gwm5K6lKvkwweP:+IvEsqjXwOQ47GK11mB67TEv6l0Mo5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1436	msedge.exe
1436	msedge.exe
4272	identity_helper.exe
4272	identity_helper.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 4504	1436	msedge.exe	85
PID 1436 wrote to memory of 4504	1436	msedge.exe	85
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 2904	1436	msedge.exe	86
PID 1436 wrote to memory of 1364	1436	msedge.exe	87
PID 1436 wrote to memory of 1364	1436	msedge.exe	87
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88
PID 1436 wrote to memory of 3668	1436	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cb1219c63615b6a193afef2372f16067_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c99e46f8,0x7ff9c99e4708,0x7ff9c99e4718
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,4834816583506983555,4067853532534082475,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4e54f123bdbaf6123a511343059cea4e

SHA1
0ec97144a5bb273abe3f30ff4b25febb59f31b95

SHA256
baea9e230f7c1ab3484c03cc1a5b8cd05f979ff68c4e47cd4d1abf578d5c0307

SHA512
dece440e3397fbb2d451be1f372433f5e90e47c2f223b112a54f957dff554ba5dbbc46b9293991504852ebff5bb0897b73d60c76115df43de9ce2bcf60184f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0f4749e4b5cb122e013dda70067f6ac4

SHA1
24ead2d9d862f57cdc82d0ad96ebc1c6ae0538fa

SHA256
52c3e9df26e970f745be0634d4170b0a118699dc254c244c94027d5d5881f376

SHA512
b0a4529fdb83409b139ddf0bcbef169c14afe7a736594062a8a8c28ddf18205f6e20d091ed3788611b39d5200288f6a5ccff4f5f0360af814c179e70f7f7059b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7053b20d762c76c030e2c7a3bb0a8e3

SHA1
4951f45d77e85336e2a5abc3ccc2ad8556237228

SHA256
6dcdbeca04187a529459bf193c7ed111ccb7d98b30ef6fd941a2c2454f50197e

SHA512
42e571ea3e662cb595d1c0d29d568a8e08ee8af79020b14cc7a2d6f3ff27050d680f0d716704ee49696443a300d7b715b144f69dfa366db27f064fde36b1bfe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a22eb7bc967d42c868aecb21a7b421a1

SHA1
d10fbb5a5abb1d275d0769a26193f3a8b191ca6c

SHA256
628106d6e9c6e1dfa0e6d7899b82a9b083abce775f544a09e41f97cd2513b3d9

SHA512
1286601623d5fb05281eeecf18180c60f4370f744039db633e872ddb9f76e5316e1aab68c3dab684092b3f588da2eadc36924ba7aeca65e01ea548d65b293a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88888c9602fb68a5cb9d4bdf9367185c

SHA1
35d14879f06773de0ea585466da92c9a0073674b

SHA256
3be37d6efdcf201786097ed3cb466f28d4c371b800c92000352af57788ca9b0d

SHA512
4bbcc95fbd04ddecc2eb3fc7157526d20367b0ec9660676c69ab0049246d0ed5b6fd4c0dbffac31305b6205dca67b6319d16c467f40b472b44672ebe2a049f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f199eb2490c921fb3b2919d848acfe3

SHA1
1fb9f8204b91dd05f6cf02161a2216a2bfb2c77c

SHA256
9fc9f2f735e9653aaa480977bc6c91eb29841b249a2458de77386f782db303cf

SHA512
2a8083a247176e0a213bc531199e1230caeede36939da6853a16fe7bc10ecd2f332b95b99d5e4c93ddd0333c6aa2f6d66b9ff33ec1155b0e4560e627b9558569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e47500f540745512712cc8bf2c46fc3e

SHA1
3aad2c792ff81563295f1c5e869a9005c4dbfe53

SHA256
ee88d771c719811bafe164fc75124d13f47e79c65387a69bf560009614d28e08

SHA512
6448e744fe85ff6577efbbea72c4dbb17102e156cf317cf8aad26079225bdc9e25e5264bbaf64e19cf0ee1df909c319114b5992f92ed9d4709dc3378b464e1c0

Download Submit